Log analysis and evaluation: Windows 7, how can I completely remove the DHL trojan
09.06.2015, 17:50 | #1 |
Windows 7, how can I completely remove the DHL trojan

Hello Trojaner Board team,

last week I received an e-mail from DHL with a zip file, unpacked it and clicked on the PDF file... I was so lost in thought that I didn't think about it at all... When I clicked on it, I realized something was wrong, and I saw that the sender was a completely different one... and the transaction number did not exist on the original DHL site either. So I assumed that I had activated the trojan...

I have now run the antivirus program Windows Microsoft Security Essentials over it 3 or 4 times, and viruses were found and moved to quarantine. I deleted them every time, and only on the third or fourth full scan was there no more virus report...

After that, on the next day, I received lots of "Mail delivered" e-mails; in total there were over 300 e-mails in my inboxes... I changed all my passwords from another, virus-free computer, and then today I only received 3 or 4 such mails, which were perhaps still in the loop...

The computer otherwise shows no abnormalities at the moment, not even when booting, but I don't trust it and would like to know whether I really caught everything and the computer is clean....

So, here are the individual prepared files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:51 on 08/06/2015
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
------------------------------------------------------------------------
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by ******* ******* at 2015-06-08 21:58:39 Running from C:\Users\******* *******\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2361403017-131952453-2753301349-500 - Administrator - Disabled) Gast (S-1-5-21-2361403017-131952453-2753301349-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2361403017-131952453-2753301349-1006 - Limited - Enabled) ******* ******* (S-1-5-21-2361403017-131952453-2753301349-1000 - Administrator - Enabled) => C:\Users\******* ******* ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.) 
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - ) Amazon Kindle (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Amazon Kindle) (Version: - Amazon) Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.) Canon MG5400 series Benutzerregistrierung (HKLM-x32\...\Canon MG5400 series Benutzerregistrierung) (Version: - Canon Inc.) Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.) 
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant) CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version: - ) DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG) DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC) Dropbox (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo) ETDWare PS/2-x64 7.0.4.18_WHQL (HKLM\...\Elantech) (Version: 7.0.4.18 - ELAN Microelectronics Corp.) FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG) Free YouTube Download version 3.1.25.423 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.25.423 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.53.113 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.53.113 - DVDVideoSoft Ltd.) freeTunes*3.0 (HKLM-x32\...\{447E3935-A085-42D4-0001-8BE5E4034B40}) (Version: 3.0.12.1213 - Engelmann Media GmbH) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden Inxmail Professional 4.3 (HKLM-x32\...\Inxmail Professional 4.3) (Version: - ) iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Juniper Networks Host Checker (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) 
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kalender-Excel-8.8.1 (HKLM-x32\...\Kalender-Excel-8.8.1_is1) (Version: 8.8.1 - MSDatec) Langenscheidt Grammatiktrainer 6.0 Spanisch (HKLM-x32\...\Grammatiktrainer 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.38.2.9 - Silicon Motion) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo) Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3711 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3711 - CyberLink Corp.) 
Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS) lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG) MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG) MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG) MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Video deluxe 15 8.0.0.62 (D) (HKLM-x32\...\MAGIX Video deluxe 15 D) (Version: 8.0.0.62 - MAGIX AG) maxdome Download Manager 4.1.300.78 (HKLM-x32\...\{E948B551-08DB-4163-8995-8C43B03D1B19}) (Version: 4.1.30078 - Prosieben) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) 
(HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mufin MusicFinder Base 1.5.3.255 (D) (HKLM-x32\...\Mufin MusicFinder Base D) (Version: 1.5.3.255 - MAGIX AG) MyFreeCodec (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\MyFreeCodec) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.1 - ) Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\CopyTrans Suite) (Version: 3.006 - WindSolutions) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation) Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Play Movie 
(HKLM-x32\...\{A450831D-25F6-4F42-9662-D000B25E0D82}) (Version: 1.5.1.6121 - CyberLink Corp.) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) 
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) StarMoney (x32 Version: 2.0 - StarFinanz) Hidden StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden StarMoney Business 4.0 S-Edition (HKLM-x32\...\{3DE6A16F-DB09-449E-B12E-651F661BB488}) (Version: 4.0 - Star Finanz GmbH) StarMoney Business 6.0 S-Edition (HKLM-x32\...\{FC477001-3A24-41C8-BA59-13852DECA894}) (Version: 6.0 - Star Finanz GmbH) STRATO HiDrive (HKLM-x32\...\{3E00C574-B650-401D-A898-4581AAD6CC74}) (Version: 1.0.0 - STRATO AG) SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.4100.36 - TuneUp Software) TuneUp Utilities (x32 Version: 9.0.4100.36 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.4100.36 - TuneUp Software) Hidden VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vokabeltrainer-Update 6.0.18 (HKLM-x32\...\{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}) (Version: 6.0.18 - Langenscheidt) Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) 
(Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 05-06-2015 07:21:07 Geplanter Prüfpunkt 08-06-2015 21:19:14 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {081BD915-8196-4DE0-BC8E-54D3F734B254} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {1CA3D3E7-A0EB-4DF3-85F5-F79CC85EC4A9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-05-10] (TuneUp Software) Task: {2E42311C-CED5-4D60-8BAD-88CB42AB868E} - System32\Tasks\{7693949C-A2E9-4CCA-80FE-31A2CD043C87} => pcalua.exe -a "C:\Users\******* *******\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION Task: {4F2C44CE-875B-4DD2-82FD-0A58AC37FC78} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop*******-******* ******* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated) Task: {563D3DE8-68BC-4EB0-B27B-53921030EFCE} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {57B5279F-9950-4FA0-978B-E422F1FF26F8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-11] (CyberLink) Task: {5F2992FE-7099-467D-BC0D-AF4465F2B8C5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {61A9FD26-BC8F-4C12-B656-569F68885C58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {681DC04C-1C98-49A8-AF51-F1F5A8E32D20} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-18] (Microsoft Corporation) Task: {785D922F-7D2B-4813-8D5A-C9A8059DE065} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {798B4A27-F2E7-4CB5-B750-557905AC80EC} - System32\Tasks\DSite => C:\Users\*******~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION 
Task: {7C191AA8-1FAD-4A86-9522-2428AC3AE259} - System32\Tasks\{4C0194EE-5537-4843-BF98-35E386F7AF29} => pcalua.exe -a "C:\Users\******* *******\Downloads\jxpiinstall(2).exe" -d "C:\Users\******* *******\Downloads" Task: {86B704FE-543E-4592-AF0C-59FA38C2049C} - System32\Tasks\QtraxPlayer => 1100543380.portal.qtrax.com Task: {89B60E71-5723-40D5-9AE2-085B88429DB8} - System32\Tasks\{FD219611-8DDF-4579-B780-03A680E4B801} => pcalua.exe -a F:\Setup.exe -d F:\ Task: {8B6F2A58-7B0F-48F8-9FCC-9C017F0F1461} - System32\Tasks\{D00D62CE-151C-418D-8CE5-7F8E7C5AADF9} => pcalua.exe -a "C:\Users\******* *******\Downloads\AudibleDM_iTunesSetup(1).exe" -d "C:\Users\******* *******\Downloads" Task: {8F202157-4DB7-450F-BDE4-9237CA717E2E} - System32\Tasks\{8AADBB6C-24F7-4A73-9ADB-11100F00F1A5} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=SweetIM Bundle by SweetPacks" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller" "/sweettext=SweetIM (SweetIM for Messenger, Toolbar, Update Manager)" Task: {A23B1418-EC13-46DC-841E-0803EBAE2455} - System32\Tasks\{6C8D082B-2E0E-47F7-8AE1-F0B82A491C80} => pcalua.exe -a F:\setup.exe -d F:\ Task: {B0D4189C-9C9F-46EC-A7DB-E3D6260BE0C2} - System32\Tasks\4815 => Wscript.exe C:\Users\*******~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {C8B9888B-9034-4E7E-B751-CF75A1FC868D} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {D8015C09-7A25-4FA4-8A07-7D884828C692} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) Task: {DB58FCD4-A756-48CF-8AAB-94420D59BC69} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {E341CB5D-1B58-4ED4-A235-C973BB57199A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {E735D288-00C2-414C-99B1-64AEA6BC488F} - System32\Tasks\{D475E93F-77B6-4201-B4EA-954BB9D8EBE5} => pcalua.exe -a "C:\Users\******* *******\Downloads\AudibleDM_iTunesSetup(3).exe" -d "C:\Users\******* *******\Downloads" Task: {F1E6B4FA-3393-4C65-9939-95DF21E5D556} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated) Task: {F544CF95-285C-439E-9472-9EE09603C945} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) Task: {F854969B-9DD6-44A6-A1ED-30696D6AF1F1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-08-28 12:58 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2009-08-11 18:59 - 2009-08-11 18:59 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\libxml2.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll
2014-07-27 22:38 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\PATCHW32.dll
2010-08-17 10:31 - 2010-04-20 22:41 - 00318976 _____ () C:\windows\system32\370prop.ax
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-04 21:42 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-10-04 21:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-06-08 21:07 - 2015-06-08 21:07 - 00043008 _____ () c:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-10-22 23:31 - 2014-10-22 23:31 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-08-17 10:18 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5761E1F0-A1E8-4F33-8CBE-EB9127C61DBD}] => (Allow) C:\Program Files (x86)\Lenovo\PlayMovie\PlayMovie.exe
FirewallRules: [{B5D35172-AF0C-408C-8DA9-22472454AC31}] => (Allow) C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe
FirewallRules: [{3CDB0F72-B965-4EBF-8B3E-38A057E71AC1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C68AF74B-49DB-497D-8FF4-B350B32C5BA5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{267868FF-88F0-44BB-9466-968D89E23090}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{0B187981-CC75-46D9-91B8-F7B8B8F1A51A}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{5441AE00-64B6-4911-9DC5-C79BEDA4FFFB}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{32CA0032-763C-41D0-AF80-504B2ADD9CB5}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{2D48B278-0A58-4C15-818F-8949D72E3669}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyCom.exe
FirewallRules: [{3903A43D-8C84-4319-B438-485D2B22B41C}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
FirewallRules: [{ED1ABDF5-2B04-459D-8AAC-056D4BD84D1F}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{AA47AE03-BB9D-44B4-9B5E-2026C94F876A}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{9D2AB2B0-AA2D-49ED-AE0D-47DA6529B1F0}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{6DBF2D53-3411-4F12-A69C-8E5511407677}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{ECE394B8-303E-45A7-91C8-15828BD08833}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{CF8044D5-9209-4C41-8A68-B8F6F4277793}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{E38C05F4-8156-46AA-8F33-36AD466D1CD8}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{D7AD91D8-BEE9-4B13-ADBA-409E9D3D60E3}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{5BA4E51D-E6D3-402E-8520-032D7D07ACCC}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{78F30922-FF1D-4EA7-9EBB-2DB455A9502B}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{5928519A-2F1B-43F8-8B89-8B537E2CA522}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\app\StarMoney.exe
FirewallRules: [{77302389-FB7E-4E55-88E6-8AC45AE61007}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\app\StarMoney.exe
FirewallRules: [{DA3315BC-7717-463E-9982-04110E3870A6}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{D40D7D3E-21D7-44CC-89B4-CF6D4332438E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{E3950429-5B1D-4103-AD9B-EC9EF99E05B1}] => (Allow) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2CCD9CC8-E416-4EBF-8A6D-BE9EC286FD42}] => (Allow) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1697D3A7-7BDE-4A3B-B272-4FE4FE213959}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{002AAE78-C9A9-45CE-91EB-BC0C6667400D}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [{8661FE83-5E1D-4834-BA56-9108F1B6B980}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6D1B1E5D-B933-4B84-8AF0-ECE2F454F119}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{044EE441-A44D-4A87-81FB-4CF04C83EE0E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\app\StarMoney.exe
FirewallRules: [{92088180-83B8-4550-9ECB-3A966B7B2E99}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\app\StarMoney.exe
FirewallRules: [TCP Query User{80BDCAB3-EC76-4895-9FE1-5CD917460CAE}C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9721C51A-DA40-4EBD-BED1-AD010FECB3FE}C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0125153B-57D7-445F-A1DF-7122D405BEF9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6D5FD094-9C19-45A2-AE78-845640D5122F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{DA158FA4-F244-4BD2-B1CE-E2A0ABF5B5D3}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{29DE43EB-91B4-43B0-8AE5-DBD34649C6D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CAA98C0-F0B6-4279-8FBA-5FD836022442}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8952BD8E-D5B3-4E32-BB88-1ECAACC813BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B1C94AD-1440-4E26-BCBC-14869A0C5806}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7FCD578-277A-4DDB-861E-D626D232EFF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA94CC17-233D-4050-9316-F13E5341BC1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6555282B-B9B7-4FA2-A75F-AA7E23731C89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D8C3E479-96CF-4A1F-8B96-3E5EF8B9C04A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6DE18905-F47E-4040-93E3-7FE3A7E1804D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05CA5064-89CE-4E33-AEA9-8C7BA1413E52}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 09:24:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b6c Startzeit: 01d0a21e10da9b08 Endzeit: 2813 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: eb5165e0-0e13-11e5-b4c4-d4a9d9bbbea3

Error: (06/08/2015 09:15:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/08/2015 09:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.3.8, Zeitstempel: 0x4cd2c1c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea0b ID des fehlerhaften Prozesses: 0x1bc8 Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0 Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1 Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2 Berichtskennung: DATA BECKER Update Service.exe3

Error: (06/05/2015 07:15:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2015 07:15:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/04/2015 04:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 9.0.4100.36, Zeitstempel: 0x4be7eab5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dfe4 ID des fehlerhaften Prozesses: 0x540 Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0 Pfad der fehlerhaften Anwendung: OneClick.exe1 Pfad des fehlerhaften Moduls: OneClick.exe2 Berichtskennung: OneClick.exe3

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 07:03:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21808893

System errors:
=============
Error: (06/08/2015 09:08:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/08/2015 09:06:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 114.21.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.199.1629.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.199.1629.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:41 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.199.1629.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:49:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/05/2015 10:46:36 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2015 09:22:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/04/2015 05:04:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Microsoft Office:
=========================
Error: (06/08/2015 09:24:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567b6c01d0a21e10da9b082813C:\windows\Explorer.EXEeb5165e0-0e13-11e5-b4c4-d4a9d9bbbea3

Error: (06/08/2015 09:15:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/08/2015 09:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.3.84cd2c1c1ntdll.dll6.1.7601.187985507b3e0c0000374000cea0b1bc801d0a21eb667e434C:\Program Files (x86)\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\windows\SysWOW64\ntdll.dllf6d68526-0e11-11e5-b4c4-d4a9d9bbbea3

Error: (06/05/2015 07:15:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe

Error: (06/05/2015 07:15:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/04/2015 04:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OneClick.exe9.0.4100.364be7eab5ntdll.dll6.1.7601.187985507b3e0c00000050002dfe454001d09e89eca024f1C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exeC:\windows\SysWOW64\ntdll.dllaf7c6d73-0ac7-11e5-8dee-d5ee7b4cb1ac

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 07:03:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21808893

CodeIntegrity Errors:
===================================
Date: 2014-10-21 17:35:09.377
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-10-21 17:35:09.153
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-06-23 11:55:55.996
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-06-23 11:55:55.811
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3958.85 MB
Available physical RAM: 2086.73 MB
Total Pagefile: 7915.89 MB
Available Pagefile: 5573.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:84.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.66 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:14.44 GB) (Free:11.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0DD185C2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=552.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 80E6F3FA)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

==================== End of log ============================

FRST frst.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ******* ******* (administrator) on LAPTOP******* on 08-06-2015 21:57:56
Running from C:\Users\******* *******\Downloads
Loaded Profiles: ******* ******* (Available Profiles: ******* *******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dropbox, Inc.) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03]
ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid={62D5D87B-D5AA-11E2-BBC0-C44619C07852}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-04-11] (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18] (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18] (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188

FireFox:
========
FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF user.js: detected! => C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\user.js [2014-04-27]
FF SearchPlugin: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\delta.xml [2013-06-14]
FF SearchPlugin: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\Search_Results.xml [2015-01-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2015-06-08]
FF Extension: Fast Start - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\faststartff@gmail.com [2014-07-27]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20]
FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20]
FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20]
FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-24] <==== ATTENTION

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR Extension: (Extutil) - C:\Users\*******~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-27]
CHR Extension: (Managera) - C:\Users\*******~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 21:56 - 2015-06-08 21:57 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt
2015-06-08 21:54 - 2015-06-08 21:58 - 00000000 ____D C:\FRST
2015-06-08 21:54 - 2015-06-08 21:57 - 00036297 _____ C:\Users\******* *******\Downloads\FRST.txt
2015-06-08 21:53 - 2015-06-08 21:53 - 02108928 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe
2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable
2015-06-04 16:41 - 2015-06-04 16:41 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps
2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8
2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 12:50 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-24 12:50 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-24 12:50 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-24 12:50 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-24 12:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-24 12:50 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-24 12:50 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-24 12:50 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-24 12:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-24 12:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-24 12:50 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-24 12:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-24 12:50 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-24 12:50 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-24 12:50 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-24 12:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-24 12:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-24 12:50 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-24 12:50 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-24 12:50 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-24 12:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-24 12:50 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-24 12:50 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-24 12:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-24 12:50 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-24 12:50 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-24 12:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-24 12:50 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-24 12:50 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-24 12:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-24 12:50 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-24 12:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-24 12:50 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-24 12:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-24 12:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-24 12:50 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-24 12:50 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-24 12:50 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-24 12:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-24 12:50 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-24 12:50 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-24 12:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-24 12:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-24 12:50 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-24 12:50 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-24 12:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-24 12:50 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-24 12:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-24 12:50 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-24 12:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-24 12:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-24 12:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-24 12:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-24 12:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-24 12:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-24 12:50 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-24 12:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-24 12:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-24 12:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-24 12:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-24 12:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-24 12:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-24 12:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-24 12:50 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-24 12:50 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-24 12:50 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-24 12:50 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-24 12:50 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-24 12:50 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-24 12:50 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-24 12:50 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-24 12:50 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-24 12:50 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-24 12:50 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-24 12:50 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-24 12:50 - 2015-04-04 04:59 - 
00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll 2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll 2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll 2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe 2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2015-05-24 10:54 - 2015-05-24 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-08 21:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-08 21:50 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien 2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* ******* 2015-06-08 21:43 - 2010-08-17 09:59 - 01091502 _____ C:\windows\WindowsUpdate.log 2015-06-08 21:42 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype 2015-06-08 21:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-08 21:31 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe 2015-06-08 21:16 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-08 21:16 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-08 21:09 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat 2015-06-08 21:09 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat 2015-06-08 21:09 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-08 21:08 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox 2015-06-08 21:08 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox 2015-06-08 21:07 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* *******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod 2015-06-08 21:04 - 2014-12-15 22:49 - 00007119 _____ C:\windows\setupact.log 2015-06-08 21:04 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2015-06-05 07:22 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack 2015-06-03 22:47 
- 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX 2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-06-03 22:11 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT 2015-06-03 22:11 - 2011-08-21 11:56 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-03 22:11 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-02 23:41 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition 2015-05-27 21:12 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ 
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-10 22:21 - 2013-05-20 22:41 - 00000000 ____D C:\Users\******* *******\AppData\Local\Deployment 2015-05-10 10:10 - 2012-09-13 21:23 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Files in the root of some directories ======= 2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll 2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll 2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest 2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll 2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll 2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2013-08-02 18:48 - 2015-04-27 20:13 
- 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload 2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd 2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel 2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml Some files in TEMP: ==================== C:\Users\******* *******\AppData\Local\Temp\-bjjkz3q.dll C:\Users\******* *******\AppData\Local\Temp\11d731b32dae4aaabac29fa6cd68ed90.dll C:\Users\******* *******\AppData\Local\Temp\2024c4f2375c4b3fa39a075ca1bf550e.dll C:\Users\******* *******\AppData\Local\Temp\25af56168c444d588a323ab502fb30e9.dll C:\Users\******* *******\AppData\Local\Temp\2e1a786f20324ab3b52a967ee0fa6c63.dll C:\Users\******* *******\AppData\Local\Temp\344f8714c90a4aeeb9c71b700f094ede.dll C:\Users\******* *******\AppData\Local\Temp\356153d7dd074f8382e840e60e5c7711.dll C:\Users\******* *******\AppData\Local\Temp\3DA.exe C:\Users\******* *******\AppData\Local\Temp\40dfcefa5214443c89de2b48cb0e6ff2.dll C:\Users\******* *******\AppData\Local\Temp\4d848098574649ad8ebecad588f5deba.dll C:\Users\******* *******\AppData\Local\Temp\5573343603ea4dcc9c657f5ad86aeb06.dll C:\Users\******* *******\AppData\Local\Temp\5BAA.exe C:\Users\******* *******\AppData\Local\Temp\5c7e87fc1dd94e36a85a69dc11121f52.dll C:\Users\******* *******\AppData\Local\Temp\60b3cd74ce7a4234bed495fb46c65858.dll C:\Users\******* *******\AppData\Local\Temp\64A.exe C:\Users\******* 
*******\AppData\Local\Temp\6522f064d51a47ee8fee4fdd6cf06e07.dll C:\Users\******* *******\AppData\Local\Temp\66cccb2b73484c0691d3a6eec3ed4a57.dll C:\Users\******* *******\AppData\Local\Temp\6916c4df8b4443828171ffd3e7eaf079.dll C:\Users\******* *******\AppData\Local\Temp\7107ff45b98343c8a9759303d8d0fce7.dll C:\Users\******* *******\AppData\Local\Temp\76469894716c4c7e9606a13d8f33847b.dll C:\Users\******* *******\AppData\Local\Temp\78748e3476c94da6b4e423dfff3471bd.dll C:\Users\******* *******\AppData\Local\Temp\7z920.exe C:\Users\******* *******\AppData\Local\Temp\89a2d4818f5e428eb504a8a90fa6f5cf.dll C:\Users\******* *******\AppData\Local\Temp\8c927caeef9e40af80ad1309befc1c63.dll C:\Users\******* *******\AppData\Local\Temp\8D51~.exe C:\Users\******* *******\AppData\Local\Temp\8D52~.exe C:\Users\******* *******\AppData\Local\Temp\8D53~.exe C:\Users\******* *******\AppData\Local\Temp\8d7e8090ae5d47e0be37088ee26dd7c6.dll C:\Users\******* *******\AppData\Local\Temp\98407e817f454e9ab178a8ecacc8c488.dll C:\Users\******* *******\AppData\Local\Temp\a0828cc18e2e446da21b2f95a7701351.dll C:\Users\******* *******\AppData\Local\Temp\aafe3bf435a141e9b84aa4a10d1d1526.dll C:\Users\******* *******\AppData\Local\Temp\aca029aeca9e4165a613f5450eea5553.dll C:\Users\******* *******\AppData\Local\Temp\ad4b788ac29d4b28b20eb8afeffb71a4.dll C:\Users\******* *******\AppData\Local\Temp\AdobeApplicationManager.exe C:\Users\******* *******\AppData\Local\Temp\ae755d928a804f86b21bfde9058c83ae.dll C:\Users\******* *******\AppData\Local\Temp\AskSLib.dll C:\Users\******* *******\AppData\Local\Temp\b2a97147f6af4411ac0caf80e03f3581.dll C:\Users\******* *******\AppData\Local\Temp\b578c9e8a4cf4a8eb8686e5bc67be014.dll C:\Users\******* *******\AppData\Local\Temp\BackupSetup.exe C:\Users\******* *******\AppData\Local\Temp\bi_cleaner.exe C:\Users\******* *******\AppData\Local\Temp\bundlesweetimsetup.exe C:\Users\******* *******\AppData\Local\Temp\c245d2ad13874b02be2ee206ae9cd9f5.dll C:\Users\******* 
*******\AppData\Local\Temp\c8409dc2d47d435c819077d790ecb908.dll C:\Users\******* *******\AppData\Local\Temp\c9b053c0c0784f90b1bd48f0d0b39960.dll C:\Users\******* *******\AppData\Local\Temp\ChilkatDotNet2.dll C:\Users\******* *******\AppData\Local\Temp\cp6zmeg8.dll C:\Users\******* *******\AppData\Local\Temp\dc5dcf91d8ef4ed5ae5ce4fb9787591a.dll C:\Users\******* *******\AppData\Local\Temp\DeleteVF.exe C:\Users\******* *******\AppData\Local\Temp\DeltaTB.exe C:\Users\******* *******\AppData\Local\Temp\DivXSetup.exe C:\Users\******* *******\AppData\Local\Temp\dp.exe C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll C:\Users\******* *******\AppData\Local\Temp\dsHostCheckerSetup.exe C:\Users\******* *******\AppData\Local\Temp\e8eb3fcd2ad94a528cfc5ca4a5562d19.dll C:\Users\******* *******\AppData\Local\Temp\f3687dbf2c0d448598e8aee19cfc7bb6.dll C:\Users\******* *******\AppData\Local\Temp\FileSystemView.dll C:\Users\******* *******\AppData\Local\Temp\freetunes3_full.exe C:\Users\******* *******\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\******* *******\AppData\Local\Temp\GenericUninstall.exe C:\Users\******* *******\AppData\Local\Temp\ICReinstall_CodecPack.exe C:\Users\******* *******\AppData\Local\Temp\ICReinstall_Firefox_Setup_16.0.1.exe C:\Users\******* *******\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe C:\Users\******* *******\AppData\Local\Temp\ITapi3.dll C:\Users\******* *******\AppData\Local\Temp\mgsqlite3.dll C:\Users\******* *******\AppData\Local\Temp\mgxfonts.exe C:\Users\******* *******\AppData\Local\Temp\MgxVistaTools.dll C:\Users\******* *******\AppData\Local\Temp\mpam-81557672.exe C:\Users\******* *******\AppData\Local\Temp\MSETUP4.EXE C:\Users\******* *******\AppData\Local\Temp\MsgPlusUninstall.exe C:\Users\******* *******\AppData\Local\Temp\nsd106E.exe C:\Users\******* *******\AppData\Local\Temp\nsi81EB.exe C:\Users\******* *******\AppData\Local\Temp\nsi85E2.exe 
C:\Users\******* *******\AppData\Local\Temp\nsiC48.exe C:\Users\******* *******\AppData\Local\Temp\nst7D97.exe C:\Users\******* *******\AppData\Local\Temp\nsy14E2.exe C:\Users\******* *******\AppData\Local\Temp\nsy1E8C.exe C:\Users\******* *******\AppData\Local\Temp\ose00000.exe C:\Users\******* *******\AppData\Local\Temp\sdan.exe C:\Users\******* *******\AppData\Local\Temp\sdapk.exe C:\Users\******* *******\AppData\Local\Temp\sdaspwn.exe C:\Users\******* *******\AppData\Local\Temp\SkypeSetup.exe C:\Users\******* *******\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\******* *******\AppData\Local\Temp\uf0kqdwe.dll C:\Users\******* *******\AppData\Local\Temp\uninst1.exe C:\Users\******* *******\AppData\Local\Temp\uninstall.exe C:\Users\******* *******\AppData\Local\Temp\uninstaller.exe C:\Users\******* *******\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\******* *******\AppData\Local\Temp\vcredist_x64.exe C:\Users\******* *******\AppData\Local\Temp\wajam_install.exe C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup_quiet.exe C:\Users\******* *******\AppData\Local\Temp\wgtiicyi.dll C:\Users\******* *******\AppData\Local\Temp\WSSetup.exe C:\Users\******* *******\AppData\Local\Temp\xmlUpdater.exe C:\Users\******* *******\AppData\Local\Temp\_TinDel.exe C:\Users\******* *******\AppData\Local\Temp\{0F806C95-AB71-4ACB-A648-B6B10128888C}-27.0.1453.116_27.0.1453.110_chrome_updater.exe C:\Users\******* *******\AppData\Local\Temp\{3FE870E9-3DC5-4376-8618-040A43C2C532}-30.0.1599.69_29.0.1547.76_chrome_updater.exe C:\Users\******* *******\AppData\Local\Temp\{CDC5965D-C94C-4ACC-8E97-7BEEFE8497DD}-29.0.1547.66_29.0.1547.62_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-05 07:14
==================== End of log ============================ |
09.06.2015, 18:01 | #2 |
| Windows 7: how can I completely remove the DHL trojan GMER gmer.txt
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-08 22:28:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\*******~1\AppData\Local\Temp\uxtiqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\kernel32.dll!FindResourceW 0000000076335911 5 bytes JMP 0000000100440980 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\kernel32.dll!FindResourceA 000000007634e95b 5 bytes JMP 0000000100440930 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadStringW 0000000076b28eb9 5 bytes JMP 0000000100440fd0 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadStringA 0000000076b2db21 5 bytes JMP 0000000100441110 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadMenuW 0000000076b34391 5 bytes JMP 0000000100440b40 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadMenuA 0000000076b44eef 5 bytes JMP 0000000100440ad0 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!CreateDialogParamA 0000000076b45246 5 bytes JMP 00000001004409d0 .text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!CreateDialogParamW 0000000076b510dc 5 bytes JMP 0000000100440a50 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076338769 4 bytes JMP 0000000162dc86d5 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\ole32.dll!OleLoadFromStream 00000000764d6143 4 bytes JMP 00000001632b3057 .text 
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 00000000766d3e59 4 bytes JMP 0000000162dfa1aa .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!VariantClear 00000000766d3eae 4 bytes JMP 0000000162e08168 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000766d4731 4 bytes JMP 0000000162e04734 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000766d5dee 4 bytes JMP 0000000162e3529f ? C:\windows\system32\mssprxy.dll [4640] entry point in ".rdata" section 00000000534171e6 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\Program Files (x86)\Microsoft Office\Office14\BCSProxy32.dll!ReleaseMutex + 215 0000000052b42338 4 bytes [9A, EE, 80, 4E] .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000777b1401 2 bytes JMP 7635b1ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000777b1419 2 bytes JMP 7635b31a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000777b1431 2 bytes JMP 763d8f09 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000777b144a 2 bytes CALL 76334885 C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777b14dd 2 bytes JMP 763d8802 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777b14f5 2 bytes JMP 763d89d8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000777b150d 2 bytes JMP 763d86f8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000777b1525 2 bytes JMP 763d8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000777b153d 2 bytes JMP 7634fc78 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000777b1555 2 bytes JMP 763568bf C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000777b156d 2 bytes JMP 763d8fc1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000777b1585 2 bytes JMP 763d8b22 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000777b159d 2 bytes JMP 763d86bc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777b15b5 2 bytes JMP 7634fd11 C:\windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777b15cd 2 bytes JMP 7635b2b0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777b16b2 2 bytes JMP 763d8e84 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777b16bd 2 bytes JMP 763d8651 C:\windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library c:\users\*******~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-06-08 19:07:44) 0000000004f00000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006a4f0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000006000000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\******* 
*******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000069f80000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069c90000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30) 0000000069bd0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000699f0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000659b0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000068ed0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000068c70000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application 
development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000699c0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30) 000000006dbd0000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000069990000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069950000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069900000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30) 0000000068b90000 Library C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30) 0000000068720000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619c07852 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619c07852 (not 
active ControlSet) ---- EOF - GMER 2.1 ---- Code:
ATTFilter Die Konfiguration von Microsoft-Antischadsoftware hat sich geändert. Handelt es sich um ein unerwartetes Ereignis, müssen die Einstellungen überprüft werden, da die Änderung ggf. auf Schadsoftware zurückzuführen ist. Alter Wert: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation = SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport REST:https://spynet2.microsoft.com/spyNet.svc/submitReport Neuer Wert: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation = SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx REST:https://spynet2.microsoft.com/spyNet.svc/submitReport REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport Code:
ATTFilter Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.G&threatid=2147691939&enterprise=0 Name: Trojan:Win32/Emotet.G ID: 2147691939 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\++++++++\AppData\Local\3fe82f3b963b5bcf36ee658a80c09fe7.exe Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Echtzeitschutz Benutzer: Laptop Prozessname: C:\Windows\explorer.exe Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 logfile 03.06.2015 Code:
ATTFilter Von Microsoft-Antischadsoftware wurden Maßnahmen zum Schutz des Computers vor Schadsoftware oder anderer potenziell unerwünschter Software ergriffen. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.G&threatid=2147691939&enterprise=0 Name: Trojan:Win32/Emotet.G ID: 2147691939 Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\+++++++\AppData\Local\3fe82f3b963b5bcf36ee658a80c09fe7.exe;regkey:_HKCU@S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\3fe82f3b963b5bcf36ee658a80c09fe7;runkey:_HKCU@S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\3fe82f3b963b5bcf36ee658a80c09fe7 Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Echtzeitschutz Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Windows\explorer.exe Aktion: Quarantäne Aktionsstatus: Führen Sie eine vollständige Überprüfung aus, um das Entfernen von Schadsoftware und anderer potenziell unerwünschter Software abzuschließen. Informationen zu Überprüfungsoptionen finden Sie unter "Hilfe und Support". Starten Sie den Computer neu, um das Entfernen von Schadsoftware und anderer potenziell unerwünschter Software abzuschließen. Fehlercode: 0x00000000 Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0 Code:
ATTFilter Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0 Name: BrowserModifier:Win32/KipodToolsCby ID: 2147695193 Schweregrad: Hoch Kategorie: Browserveränderer Pfad: clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{066F86D8-D35A-48FB-85D6-1A203DAE80F2};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{0F8B624E-49E8-4597-A4A7-5348DCAADD32};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{108BD590-972F-4522-B436-01F29D3FF0BF};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{1D45275A-BC14-4895-A248-BD29203C246F};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{31315407-D66C-4425-A652-5BCC67B28E1C};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{37CFB851-58F0-4B15-9CF3-1D37DB676D77};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{3CE9D5BD-A8E3-4E9B-9400-CE689BA79A3E};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{410112FD-9BAA-47A6-8498-567207484756};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{4C15F2BD-08B2-4363-B81C-BF7ECD1A221A};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5BE733B3-9159-4713-9274-CCF46A4C4077};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{6247EC17-5617-472B-8C0D-A35C8B63E47D};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{97F44E1A-A58A-453C-B38E-E1F6E Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Benutzer Benutzer: Laptop Prozessname: Unknown Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Code:
ATTFilter Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AddLyrics&threatid=195750&enterprise=0 Name: Adware:Win32/AddLyrics ID: 195750 Schweregrad: Hoch Kategorie: Adware Pfad: containerfile:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe;file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-chrome.crx)->[ChromeCrxPackage]->contentscript.js;file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-lfind.dll);file:_C:\Users\+++++\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-LyricsFinderUpdater.exe);file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-main.js) Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Benutzer Benutzer: Laptop Prozessname: Unknown Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Code:
ATTFilter Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Kuluoz.B&threatid=2147657460&enterprise=0 Name: TrojanDownloader:Win32/Kuluoz.B ID: 2147657460 Schweregrad: Schwerwiegend Kategorie: Downloadtrojaner Pfad: containerfile:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\07ee005e3685d5456ec02e80db6c2e10f6f912ae;containerfile:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\130a6ec83c0b242c790d689faa1a876b303612e7;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\07ee005e3685d5456ec02e80db6c2e10f6f912ae->Postetikett_DE_#56472724.exe;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\130a6ec83c0b242c790d689faa1a876b303612e7->Postetikett_DE_#56472724.exe;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\fc5a078f1673eae9d77642d85a36c284906f3080 Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Benutzer Benutzer: Laptop*******\******* ******* Prozessname: Unknown Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0 Code:
ATTFilter Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0 Name: BrowserModifier:Win32/KipodToolsCby ID: 2147695193 Schweregrad: Hoch Kategorie: Browserveränderer Pfad: clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{066F86D8-D35A-48FB-85D6-1A203DAE80F2};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{0F8B624E-49E8-4597-A4A7-5348DCAADD32};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{108BD590-972F-4522-B436-01F29D3FF0BF};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{1D45275A-BC14-4895-A248-BD29203C246F};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{31315407-D66C-4425-A652-5BCC67B28E1C};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{37CFB851-58F0-4B15-9CF3-1D37DB676D77};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{3CE9D5BD-A8E3-4E9B-9400-CE689BA79A3E};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{410112FD-9BAA-47A6-8498-567207484756};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{4C15F2BD-08B2-4363-B81C-BF7ECD1A221A};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5BE733B3-9159-4713-9274-CCF46A4C4077};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{6247EC17-5617-472B-8C0D-A35C8B63E47D};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{97F44E1A-A58A-453C-B38E-E1F6E Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Benutzer Benutzer: Laptop*******\******* ******* Prozessname: Unknown Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
Many thanks in advance for the help. Here I found 2 more pieces of information:
logfile 04.04.2015 Code:
ATTFilter Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0 Name: BrowserModifier:Win32/KipodToolsCby ID: 2147695193 Schweregrad: Hoch Kategorie: Browserveränderer Pfad: file:_C:\Users\******* *******\AppData\Local\Temp\installhelper.dll Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Echtzeitschutz Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Windows\System32\SearchProtocolHost.exe Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: BrowserModifier:Win32/KipodToolsCby Name: BrowserModifier:Win32/KipodToolsCby ID: 2147695193 Schweregrad: Hoch Kategorie: Browserveränderer Pfad: file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe.manifest;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\COPYING.LGPLv2;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\English.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\French.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\Portuguese.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\Spanish.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\license.txt;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\NCTWMAProfiles.prx;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\aspi32.exe;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\COPYING.LGPLv2;file:_C:\Program Files (x86)\Free mp3 Wma 
Converter\Free CD Ripper\flac lice Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret Quelle der Erkennung: Echtzeitschutz Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Windows\System32\SearchProtocolHost.exe Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0 Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0 |
10.06.2015, 05:32 | #3 |
/// the machine /// TB-Ausbilder | Windows 7: how can I completely remove the DHL trojan
Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
11.06.2015, 21:32 | #4 |
| Windows 7: how can I completely remove the DHL trojan
Hello schrauber, here are the first log files: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.06.11.03 rootkit: v2015.06.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Simone Melcher :: LAPTOPSIMONE [administrator] 11.06.2015 18:50:24 mbar-log-2015-06-11 (18-50-24).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 439154 Time elapsed: 1 hour(s), 42 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Simone Melcher\AppData\Local\Temp\android\android.exe (Backdoor.Bot) -> Delete on reboot. [e9861a9f5a301b1b12eda201d52c1fe1] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.06.11.04 rootkit: v2015.06.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Simone Melcher :: LAPTOPSIMONE [administrator] 11.06.2015 20:46:38 mbar-log-2015-06-11 (20-46-38).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 439022 Time elapsed: 1 hour(s), 27 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
So here now is the rest, from the TDSS scan: Code:
ATTFilter 22:19:34.0676 0x1588 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 22:19:47.0028 0x1588 ============================================================ 22:19:47.0028 0x1588 Current date / time: 2015/06/11 22:19:47.0028 22:19:47.0028 0x1588 SystemInfo: 22:19:47.0028 0x1588 22:19:47.0028 0x1588 OS Version: 6.1.7601 ServicePack: 1.0 22:19:47.0028 0x1588 Product type: Workstation 22:19:47.0028 0x1588 ComputerName: LAPTOPSIMONE 22:19:47.0028 0x1588 UserName: Simone Melcher 22:19:47.0028 0x1588 Windows directory: C:\windows 22:19:47.0028 0x1588 System windows directory: C:\windows 22:19:47.0028 0x1588 Running under WOW64 22:19:47.0028 0x1588 Processor architecture: Intel x64 22:19:47.0028 0x1588 Number of processors: 4 22:19:47.0028 0x1588 Page size: 0x1000 22:19:47.0028 0x1588 Boot type: Normal boot 22:19:47.0028 0x1588 ============================================================ 22:19:47.0438 0x1588 KLMD registered as C:\windows\system32\drivers\55487027.sys 22:19:48.0128 0x1588 System UUID: {D1560C40-B450-2B1B-F8EC-99EF7A7011C5} 22:19:49.0478 0x1588 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:19:49.0488 0x1588 ============================================================ 22:19:49.0488 0x1588 \Device\Harddisk0\DR0: 22:19:49.0488 0x1588 MBR partitions: 22:19:49.0488 0x1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 22:19:49.0488 0x1588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x45073000 22:19:49.0508 0x1588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x450D8000, BlocksNum 0x39FD800 22:19:49.0508 0x1588 ============================================================ 22:19:49.0589 0x1588 C: <-> \Device\Harddisk0\DR0\Partition2 22:19:49.0789 0x1588 D: <-> \Device\Harddisk0\DR0\Partition3 22:19:49.0839 0x1588 
============================================================ Code:
C:\windows\System32\dot3svc.dll 22:20:10.0953 0x16f4 dot3svc - ok 22:20:10.0983 0x16f4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll 22:20:10.0983 0x16f4 DPS - ok 22:20:11.0023 0x16f4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 22:20:11.0023 0x16f4 drmkaud - ok 22:20:11.0133 0x16f4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 22:20:11.0193 0x16f4 DXGKrnl - ok 22:20:11.0243 0x16f4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll 22:20:11.0243 0x16f4 EapHost - ok 22:20:11.0483 0x16f4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 22:20:11.0643 0x16f4 ebdrv - ok 22:20:11.0713 0x16f4 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\windows\System32\lsass.exe 22:20:11.0713 0x16f4 EFS - ok 22:20:11.0833 0x16f4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe 22:20:11.0863 0x16f4 ehRecvr - ok 22:20:11.0903 0x16f4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe 22:20:11.0903 0x16f4 ehSched - ok 22:20:11.0963 0x16f4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 22:20:11.0993 0x16f4 elxstor - ok 22:20:12.0023 0x16f4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev 
C:\windows\system32\drivers\errdev.sys 22:20:12.0023 0x16f4 ErrDev - ok 22:20:12.0073 0x16f4 [ FB558CEBEA17A6B63205985DFF39E662, D62375B81E76A48B4BCF747384B650D17773CF03C4FA2EF7D5FA88A763C655C0 ] ETD C:\windows\system32\DRIVERS\ETD.sys 22:20:12.0083 0x16f4 ETD - ok 22:20:12.0143 0x16f4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll 22:20:12.0163 0x16f4 EventSystem - ok 22:20:12.0233 0x16f4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys 22:20:12.0243 0x16f4 exfat - ok 22:20:12.0263 0x16f4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys 22:20:12.0273 0x16f4 fastfat - ok 22:20:12.0333 0x16f4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe 22:20:12.0403 0x16f4 Fax - ok 22:20:12.0453 0x16f4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys 22:20:12.0453 0x16f4 fdc - ok 22:20:12.0543 0x16f4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll 22:20:12.0543 0x16f4 fdPHost - ok 22:20:12.0633 0x16f4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll 22:20:12.0633 0x16f4 FDResPub - ok 22:20:12.0653 0x16f4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys 22:20:12.0653 0x16f4 FileInfo - ok 22:20:12.0673 0x16f4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace 
C:\windows\system32\drivers\filetrace.sys 22:20:12.0683 0x16f4 Filetrace - ok 22:20:13.0323 0x16f4 [ 167D24A045499EBEF438F231976158DF, 237F1495BA79D9082D6B383FE9AC5C6154A6F76F181000401F5790236EB57301 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe 22:20:13.0413 0x16f4 FirebirdServerMAGIXInstance - ok 22:20:13.0483 0x16f4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 22:20:13.0483 0x16f4 flpydisk - ok 22:20:13.0673 0x16f4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 22:20:13.0683 0x16f4 FltMgr - ok 22:20:13.0843 0x16f4 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\windows\system32\FntCache.dll 22:20:13.0903 0x16f4 FontCache - ok 22:20:14.0003 0x16f4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:20:14.0003 0x16f4 FontCache3.0.0.0 - ok 22:20:14.0143 0x16f4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys 22:20:14.0143 0x16f4 FsDepends - ok 22:20:14.0303 0x16f4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 22:20:14.0303 0x16f4 Fs_Rec - ok 22:20:14.0523 0x16f4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 22:20:14.0633 0x16f4 fvevol - ok 22:20:14.0753 0x16f4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx 
C:\windows\system32\DRIVERS\gagp30kx.sys 22:20:14.0763 0x16f4 gagp30kx - ok 22:20:14.0833 0x16f4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 22:20:14.0833 0x16f4 GEARAspiWDM - ok 22:20:15.0173 0x16f4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll 22:20:15.0223 0x16f4 gpsvc - ok 22:20:15.0413 0x16f4 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:20:15.0423 0x16f4 gupdate - ok 22:20:15.0433 0x16f4 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:20:15.0433 0x16f4 gupdatem - ok 22:20:15.0683 0x16f4 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:20:15.0693 0x16f4 gusvc - ok 22:20:15.0753 0x16f4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 22:20:15.0753 0x16f4 hcw85cir - ok 22:20:15.0813 0x16f4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 22:20:15.0823 0x16f4 HdAudAddService - ok 22:20:15.0883 0x16f4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 22:20:15.0883 0x16f4 HDAudBus - ok 22:20:16.0003 0x16f4 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 22:20:16.0003 0x16f4 
HECIx64 - ok 22:20:16.0103 0x16f4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 22:20:16.0103 0x16f4 HidBatt - ok 22:20:16.0153 0x16f4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 22:20:16.0153 0x16f4 HidBth - ok 22:20:16.0243 0x16f4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys 22:20:16.0243 0x16f4 HidIr - ok 22:20:16.0323 0x16f4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll 22:20:16.0323 0x16f4 hidserv - ok 22:20:16.0403 0x16f4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 22:20:16.0413 0x16f4 HidUsb - ok 22:20:16.0463 0x16f4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll 22:20:16.0473 0x16f4 hkmsvc - ok 22:20:16.0583 0x16f4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll 22:20:16.0603 0x16f4 HomeGroupListener - ok 22:20:16.0703 0x16f4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll 22:20:16.0713 0x16f4 HomeGroupProvider - ok 22:20:16.0793 0x16f4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 22:20:16.0793 0x16f4 HpSAMD - ok 22:20:16.0903 0x16f4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP 
C:\windows\system32\drivers\HTTP.sys 22:20:16.0973 0x16f4 HTTP - ok 22:20:17.0053 0x16f4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 22:20:17.0053 0x16f4 hwpolicy - ok 22:20:17.0113 0x16f4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\drivers\i8042prt.sys 22:20:17.0123 0x16f4 i8042prt - ok 22:20:17.0423 0x16f4 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 22:20:17.0443 0x16f4 iaStor - ok 22:20:17.0643 0x16f4 [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 22:20:17.0643 0x16f4 IAStorDataMgrSvc - ok 22:20:17.0863 0x16f4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 22:20:17.0913 0x16f4 iaStorV - ok 22:20:18.0323 0x16f4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:20:18.0443 0x16f4 idsvc - ok 22:20:18.0453 0x16f4 IEEtwCollectorService - ok 22:20:18.0643 0x16f4 IePluginService - ok 22:20:19.0053 0x16f4 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 22:20:19.0393 0x16f4 igfx - ok 22:20:19.0664 0x16f4 [ D951D20153E51928F9DB2227D6FF5C7A, 8D49F3D85452C65D5188C9516E89631E718A07E34176CF6FA0B1E02D8C18ABDB ] IGRS C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe 22:20:19.0664 0x16f4 IGRS - ok 22:20:19.0724 0x16f4 [ 5C18831C61933628F5BB0EA2675B9D21, 
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 22:20:19.0724 0x16f4 iirsp - ok 22:20:19.0784 0x16f4 [ EDCCC8C13B1EB882F77BA0ABB84566E7, DB299C1D2CFC197CF2FE69358F5EEDE94DCC4C919AF5D2CDFFF0DE476612C988 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 22:20:19.0794 0x16f4 IJPLMSVC - ok 22:20:20.0034 0x16f4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll 22:20:20.0114 0x16f4 IKEEXT - ok 22:20:20.0164 0x16f4 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 22:20:20.0174 0x16f4 Impcd - ok 22:20:20.0234 0x16f4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys 22:20:20.0244 0x16f4 intelide - ok 22:20:20.0264 0x16f4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 22:20:20.0274 0x16f4 intelppm - ok 22:20:20.0324 0x16f4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll 22:20:20.0324 0x16f4 IPBusEnum - ok Code:
ATTFilter 22:20:20.0354 0x16f4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 22:20:20.0354 0x16f4 IpFilterDriver - ok 22:20:20.0414 0x16f4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll 22:20:20.0444 0x16f4 iphlpsvc - ok 22:20:20.0504 0x16f4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 22:20:20.0514 0x16f4 IPMIDRV - ok 22:20:20.0544 0x16f4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys 22:20:20.0544 0x16f4 IPNAT - ok 22:20:20.0644 0x16f4 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:20:20.0714 0x16f4 iPod Service - ok 22:20:20.0794 0x16f4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys 22:20:20.0794 0x16f4 IRENUM - ok 22:20:20.0824 0x16f4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys 22:20:20.0824 0x16f4 isapnp - ok 22:20:20.0864 0x16f4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 22:20:20.0874 0x16f4 iScsiPrt - ok 22:20:20.0964 0x16f4 [ 7DBAFE10C1B777305C80BEA42FBDA710, 768638FAD1FF94F2C15E2F1558F9A03730195B041CCBBC82241EC1F92CD7D46F ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys 22:20:20.0974 0x16f4 k57nd60a - ok 22:20:21.0004 0x16f4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 
450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 22:20:21.0014 0x16f4 kbdclass - ok 22:20:21.0054 0x16f4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 22:20:21.0054 0x16f4 kbdhid - ok 22:20:21.0114 0x16f4 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\windows\system32\lsass.exe 22:20:21.0114 0x16f4 KeyIso - ok 22:20:21.0144 0x16f4 [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 22:20:21.0154 0x16f4 KSecDD - ok 22:20:21.0184 0x16f4 [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 22:20:21.0194 0x16f4 KSecPkg - ok 22:20:21.0254 0x16f4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys 22:20:21.0254 0x16f4 ksthunk - ok 22:20:21.0304 0x16f4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll 22:20:21.0324 0x16f4 KtmRm - ok 22:20:21.0394 0x16f4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll 22:20:21.0404 0x16f4 LanmanServer - ok 22:20:21.0464 0x16f4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 22:20:21.0474 0x16f4 LanmanWorkstation - ok 22:20:21.0704 0x16f4 [ 7FCB3EC66361F157BCD5B5C33CE2AC16, F4A96124AE0B4BEB1B7A8F7865B9FE474DD87B9C409681A2DDFAA3AADE562B13 ] Lenovo ReadyComm AppSvc C:\Program Files\Lenovo\ReadyComm\AppSvc.exe 22:20:21.0734 0x16f4 
Lenovo ReadyComm AppSvc - ok 22:20:21.0824 0x16f4 [ 5287074E79E4BA82510886F684DC5F72, 76C884617FBDEBEE61B33997CA93C2A2B9B902692B84E2D897E56C54833CFD1E ] Lenovo ReadyComm ConnSvc C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe 22:20:21.0894 0x16f4 Lenovo ReadyComm ConnSvc - ok 22:20:21.0924 0x16f4 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys 22:20:21.0934 0x16f4 LHDmgr - ok 22:20:21.0994 0x16f4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 22:20:22.0004 0x16f4 lltdio - ok 22:20:22.0064 0x16f4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll 22:20:22.0094 0x16f4 lltdsvc - ok 22:20:22.0134 0x16f4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll 22:20:22.0134 0x16f4 lmhosts - ok 22:20:22.0244 0x16f4 [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:20:22.0254 0x16f4 LMS - ok 22:20:22.0314 0x16f4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 22:20:22.0314 0x16f4 LSI_FC - ok 22:20:22.0374 0x16f4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 22:20:22.0374 0x16f4 LSI_SAS - ok 22:20:22.0414 0x16f4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 22:20:22.0414 0x16f4 LSI_SAS2 - ok 22:20:22.0434 0x16f4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 
4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 22:20:22.0434 0x16f4 LSI_SCSI - ok 22:20:22.0474 0x16f4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys 22:20:22.0484 0x16f4 luafv - ok 22:20:22.0625 0x16f4 [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon C:\windows\system32\drivers\mbamchameleon.sys 22:20:22.0635 0x16f4 mbamchameleon - ok 22:20:22.0685 0x16f4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 22:20:22.0685 0x16f4 Mcx2Svc - ok 22:20:22.0735 0x16f4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys 22:20:22.0735 0x16f4 megasas - ok 22:20:22.0775 0x16f4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 22:20:22.0795 0x16f4 MegaSR - ok 22:20:22.0865 0x16f4 Microsoft SharePoint Workspace Audit Service - ok 22:20:22.0915 0x16f4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll 22:20:22.0925 0x16f4 MMCSS - ok 22:20:22.0935 0x16f4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys 22:20:22.0935 0x16f4 Modem - ok 22:20:22.0975 0x16f4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys 22:20:22.0975 0x16f4 monitor - ok 22:20:23.0015 0x16f4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass 
C:\windows\system32\DRIVERS\mouclass.sys 22:20:23.0025 0x16f4 mouclass - ok 22:20:23.0035 0x16f4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 22:20:23.0035 0x16f4 mouhid - ok 22:20:23.0075 0x16f4 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\windows\system32\drivers\mountmgr.sys 22:20:23.0085 0x16f4 mountmgr - ok 22:20:23.0145 0x16f4 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:20:23.0155 0x16f4 MozillaMaintenance - ok 22:20:23.0245 0x16f4 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys 22:20:23.0255 0x16f4 MpFilter - ok 22:20:23.0344 0x16f4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys 22:20:23.0352 0x16f4 mpio - ok 22:20:23.0414 0x16f4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 22:20:23.0418 0x16f4 mpsdrv - ok 22:20:23.0488 0x16f4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll 22:20:23.0568 0x16f4 MpsSvc - ok 22:20:23.0653 0x16f4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 22:20:23.0660 0x16f4 MRxDAV - ok 22:20:23.0696 0x16f4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 22:20:23.0704 0x16f4 mrxsmb - ok 22:20:23.0779 0x16f4 [ 
D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 22:20:23.0803 0x16f4 mrxsmb10 - ok 22:20:23.0820 0x16f4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 22:20:23.0826 0x16f4 mrxsmb20 - ok 22:20:23.0848 0x16f4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys 22:20:23.0850 0x16f4 msahci - ok 22:20:23.0878 0x16f4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys 22:20:23.0885 0x16f4 msdsm - ok 22:20:23.0912 0x16f4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe 22:20:23.0921 0x16f4 MSDTC - ok 22:20:23.0994 0x16f4 [ 72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV C:\windows\system32\DRIVERS\msdv.sys 22:20:23.0997 0x16f4 MSDV - ok 22:20:24.0029 0x16f4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys 22:20:24.0032 0x16f4 Msfs - ok 22:20:24.0042 0x16f4 MsgPlusDriver - ok 22:20:24.0061 0x16f4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 22:20:24.0063 0x16f4 mshidkmdf - ok 22:20:24.0096 0x16f4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 22:20:24.0098 0x16f4 msisadrv - ok 22:20:24.0176 0x16f4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI 
B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe 22:20:46.0152 0x16f4 VSS - ok 22:20:46.0179 0x16f4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 22:20:46.0181 0x16f4 vwifibus - ok 22:20:46.0221 0x16f4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 22:20:46.0224 0x16f4 vwififlt - ok 22:20:46.0283 0x16f4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 22:20:46.0286 0x16f4 vwifimp - ok 22:20:46.0342 0x16f4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll 22:20:46.0364 0x16f4 W32Time - ok 22:20:46.0423 0x16f4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 22:20:46.0425 0x16f4 WacomPen - ok 22:20:46.0478 0x16f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 22:20:46.0482 0x16f4 WANARP - ok 22:20:46.0499 0x16f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 22:20:46.0504 0x16f4 Wanarpv6 - ok 22:20:46.0744 0x16f4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 22:20:46.0853 0x16f4 WatAdminSvc - ok 22:20:47.0446 0x16f4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe 22:20:47.0540 
0x16f4 wbengine - ok 22:20:47.0700 0x16f4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll 22:20:47.0712 0x16f4 WbioSrvc - ok 22:20:47.0815 0x16f4 [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 22:20:47.0834 0x16f4 WcesComm - ok 22:20:48.0049 0x16f4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll 22:20:48.0068 0x16f4 wcncsvc - ok 22:20:48.0121 0x16f4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 22:20:48.0126 0x16f4 WcsPlugInService - ok 22:20:48.0190 0x16f4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys 22:20:48.0193 0x16f4 Wd - ok 22:20:48.0301 0x16f4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 22:20:48.0368 0x16f4 Wdf01000 - ok 22:20:48.0457 0x16f4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll 22:20:48.0464 0x16f4 WdiServiceHost - ok 22:20:48.0512 0x16f4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll 22:20:48.0518 0x16f4 WdiSystemHost - ok 22:20:48.0634 0x16f4 [ 2A444ACF7DD446505BCC801F8F6AE5FD, A257CBA8D1B96D4E8C2085DB5D28C5D4FFA64767ABA5FE764F1AA2697D0E994B ] wdmirror C:\windows\system32\DRIVERS\WDMirror.sys 22:20:48.0635 0x16f4 wdmirror - ok 22:20:48.0697 0x16f4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] 
WebClient C:\windows\System32\webclnt.dll 22:20:48.0711 0x16f4 WebClient - ok 22:20:48.0838 0x16f4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll 22:20:48.0853 0x16f4 Wecsvc - ok 22:20:48.0900 0x16f4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll 22:20:48.0907 0x16f4 wercplsupport - ok 22:20:48.0999 0x16f4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll 22:20:49.0011 0x16f4 WerSvc - ok 22:20:49.0078 0x16f4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 22:20:49.0080 0x16f4 WfpLwf - ok 22:20:49.0131 0x16f4 [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys 22:20:49.0139 0x16f4 WimFltr - ok 22:20:49.0165 0x16f4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys 22:20:49.0167 0x16f4 WIMMount - ok 22:20:49.0201 0x16f4 WinDefend - ok 22:20:49.0240 0x16f4 WinHttpAutoProxySvc - ok 22:20:49.0324 0x16f4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 22:20:49.0337 0x16f4 Winmgmt - ok 22:20:49.0850 0x16f4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll 22:20:50.0001 0x16f4 WinRM - ok 22:20:50.0159 0x16f4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\drivers\WinUsb.sys 22:20:50.0177 0x16f4 WinUsb - ok 22:20:50.0302 
0x16f4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll 22:20:50.0357 0x16f4 Wlansvc - ok 22:20:50.0412 0x16f4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 22:20:50.0414 0x16f4 WmiAcpi - ok 22:20:50.0578 0x16f4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 22:20:50.0587 0x16f4 wmiApSrv - ok 22:20:50.0699 0x16f4 WMPNetworkSvc - ok 22:20:50.0751 0x16f4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll 22:20:50.0756 0x16f4 WPCSvc - ok 22:20:50.0855 0x16f4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 22:20:50.0863 0x16f4 WPDBusEnum - ok 22:20:50.0929 0x16f4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 22:20:50.0932 0x16f4 ws2ifsl - ok 22:20:51.0016 0x16f4 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\windows\system32\drivers\VirtualAudio1.sys 22:20:51.0042 0x16f4 WsAudio_Device(1) - ok 22:20:51.0140 0x16f4 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\windows\system32\drivers\VirtualAudio2.sys 22:20:51.0188 0x16f4 WsAudio_Device(2) - ok 22:20:51.0248 0x16f4 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\windows\system32\drivers\VirtualAudio3.sys 22:20:51.0284 0x16f4 WsAudio_Device(3) - ok 22:20:51.0331 0x16f4 [ ADD2FE1A9F4EE41A6D724819550D4E1F, 
EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) C:\windows\system32\drivers\VirtualAudio4.sys 22:20:51.0366 0x16f4 WsAudio_Device(4) - ok 22:20:51.0403 0x16f4 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\windows\system32\drivers\VirtualAudio5.sys 22:20:51.0438 0x16f4 WsAudio_Device(5) - ok 22:20:51.0498 0x16f4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll 22:20:51.0520 0x16f4 wscsvc - ok 22:20:51.0597 0x16f4 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys 22:20:51.0600 0x16f4 WSDPrintDevice - ok 22:20:51.0646 0x16f4 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys 22:20:51.0649 0x16f4 WSDScan - ok 22:20:51.0674 0x16f4 WSearch - ok 22:20:51.0754 0x16f4 [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 22:20:51.0768 0x16f4 wsvd - ok 22:20:52.0072 0x16f4 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\windows\system32\wuaueng.dll 22:20:52.0233 0x16f4 wuauserv - ok 22:20:52.0297 0x16f4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 22:20:52.0302 0x16f4 WudfPf - ok 22:20:52.0343 0x16f4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\drivers\WUDFRd.sys 22:20:52.0354 0x16f4 WUDFRd - ok 22:20:52.0396 0x16f4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc 
C:\windows\System32\WUDFSvc.dll 22:20:52.0417 0x16f4 wudfsvc - ok 22:20:52.0461 0x16f4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll 22:20:52.0476 0x16f4 WwanSvc - ok 22:20:52.0704 0x16f4 [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl 22:20:52.0711 0x16f4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 22:20:52.0741 0x16f4 ================ Scan global =============================== 22:20:52.0793 0x16f4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll 22:20:52.0831 0x16f4 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll 22:20:52.0876 0x16f4 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll 22:20:53.0013 0x16f4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll 22:20:53.0061 0x16f4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe 22:20:53.0083 0x16f4 [ Global ] - ok 22:20:53.0084 0x16f4 ================ Scan MBR ================================== 22:20:53.0132 0x16f4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:20:53.0602 0x16f4 \Device\Harddisk0\DR0 - ok 22:20:53.0602 0x16f4 ================ Scan VBR ================================== 22:20:53.0632 0x16f4 [ C140740B5CAEC5C55629DA8992358D71 ] \Device\Harddisk0\DR0\Partition1 22:20:53.0635 0x16f4 \Device\Harddisk0\DR0\Partition1 - ok 22:20:53.0653 0x16f4 [ 9E636BC3B0566C77417399F86794F79C ] \Device\Harddisk0\DR0\Partition2 22:20:53.0656 0x16f4 
\Device\Harddisk0\DR0\Partition2 - ok 22:20:53.0701 0x16f4 [ E8C175857B525D8E380CE00B9F5E53AD ] \Device\Harddisk0\DR0\Partition3 22:20:53.0728 0x16f4 \Device\Harddisk0\DR0\Partition3 - ok 22:20:53.0728 0x16f4 ================ Scan generic autorun ====================== 22:20:53.0731 0x16f4 NvCplDaemon - ok 22:20:53.0860 0x16f4 [ 24066DF5E85F6AF4A2013E70BF73423C, 9B4EFBF3FF194244F0D5C9128CF99EC7BCB1D62BE0975DA0F52816FF00EB0DB9 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe 22:20:53.0904 0x16f4 cAudioFilterAgent - ok 22:20:54.0040 0x16f4 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe 22:20:54.0116 0x16f4 MSC - ok 22:20:54.0183 0x16f4 [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 22:20:54.0195 0x16f4 IAStorIcon - ok 22:20:54.0261 0x16f4 [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe 22:20:54.0277 0x16f4 UpdateP2GShortCut - ok 22:20:54.0347 0x16f4 [ 696A74A2E7AAD166D0A97499A43AD084, A661156C420B3198A82A6A395B986B28E89645CCFEFF4ED68B95EE5FC447E032 ] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe 22:20:54.0352 0x16f4 TrayServer - ok 22:20:54.0419 0x16f4 [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 22:20:54.0422 0x16f4 APSDaemon - ok 22:20:54.0463 0x16f4 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 22:20:54.0482 0x16f4 SwitchBoard - ok 22:20:54.0563 0x16f4 [ 187F4C75A89E3F412322C94526320074, 
D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 22:20:54.0568 0x16f4 BCSSync - ok 22:20:54.0686 0x16f4 [ CDFFB0058BA113ED8C6099DE11FAAD49, D258D1F340734113C1E538C32DF15011009C19A9E88E0F471E3D8387D4EA7AEB ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE 22:20:54.0765 0x16f4 CanonQuickMenu - ok 22:20:54.0833 0x16f4 [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 22:20:54.0867 0x16f4 IJNetworkScannerSelectorEX - ok 22:20:55.0039 0x16f4 [ EA0CE8F77F1272A3D97C70BF3CE457F7, 2E9D95CE9103FBD74D3D9671341E1258C41320B6AE1BF996C41D0813BECB84CD ] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe 22:20:55.0152 0x16f4 iSkysoft Helper Compact.exe - ok 22:20:55.0355 0x16f4 [ A1F127095742B85D34D81ED32DB4E0D6, F949C2281A8F2837D61E961A635058DDC1EAC255F4CA27BED1A8DDA58EBA0513 ] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe 22:20:56.0085 0x16f4 DelaypluginInstall - ok 22:20:56.0265 0x16f4 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 22:20:56.0513 0x16f4 QuickTime Task - ok 22:20:57.0036 0x16f4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:20:57.0090 0x16f4 Sidebar - ok 22:20:57.0180 0x16f4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:20:57.0186 0x16f4 mctadmin - ok 22:20:57.0241 0x16f4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:20:57.0283 0x16f4 Sidebar - ok 22:20:57.0301 0x16f4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 
0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:20:57.0306 0x16f4 mctadmin - ok 22:20:57.0414 0x16f4 [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 22:20:57.0417 0x16f4 iCloudServices - ok 22:20:57.0608 0x16f4 [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE 22:20:57.0654 0x16f4 OfficeSyncProcess - ok 22:20:57.0681 0x16f4 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 22:20:57.0686 0x16f4 swg - ok 22:20:57.0723 0x16f4 [ 105C276BB7B43501225C419B062096D0, F5D35230FC5E116FB04147F216313D2E2542D96E975B19F5FD9F7641CF11271F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 22:20:57.0725 0x16f4 ApplePhotoStreams - ok 22:20:57.0768 0x16f4 Skype - ok 22:20:57.0772 0x16f4 Waiting for KSN requests completion. In queue: 115 22:20:58.0772 0x16f4 Waiting for KSN requests completion. In queue: 115 22:20:59.0773 0x16f4 Waiting for KSN requests completion. 
In queue: 115 22:21:00.0783 0x16f4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 22:21:00.0823 0x16f4 Win FW state via NFP2: enabled 22:21:03.0783 0x16f4 ============================================================ 22:21:03.0783 0x16f4 Scan finished 22:21:03.0783 0x16f4 ============================================================ 22:21:03.0793 0x12ec Detected object count: 0 22:21:03.0793 0x12ec Actual detected object count: 0 22:21:48.0488 0x1a0c ============================================================ 22:21:48.0489 0x1a0c Scan started 22:21:48.0489 0x1a0c Mode: Manual; SigCheck; TDLFS; 22:21:48.0489 0x1a0c ============================================================ 22:21:48.0489 0x1a0c KSN ping started 22:21:51.0248 0x1a0c KSN ping finished: true 22:21:51.0713 0x1a0c ================ Scan system memory ======================== 22:21:51.0713 0x1a0c System memory - ok 22:21:51.0723 0x1a0c ================ Scan services ============================= 22:21:51.0883 0x1a0c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys 22:21:52.0043 0x1a0c 1394ohci - ok 22:21:52.0083 0x1a0c [ E0A8525A951ADDB4655BC2068566407D, 7C08B9DB7C281422FD64219DF81B7064CE16EA53CF00EB1FC33CB0741CE6605F ] 61883 C:\windows\system32\DRIVERS\61883.sys 22:21:52.0183 0x1a0c 61883 - ok 22:21:52.0233 0x1a0c [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11 C:\windows\system32\drivers\acedrv11.sys 22:21:52.0263 0x1a0c acedrv11 - ok 22:21:52.0323 0x1a0c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys 22:21:52.0363 0x1a0c ACPI - ok 22:21:52.0403 0x1a0c [ 99F8E788246D495CE3794D7E7821D2CA, 
F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 22:21:52.0503 0x1a0c AcpiPmi - ok 22:21:52.0533 0x1a0c [ DC201246A14CB3B274DF59FAF539AB07, D4DAED256E9EDD5ADD7384E9FD9F8DC2B1029543BC894367B582BA7119FABD94 ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys 22:21:52.0553 0x1a0c ACPIVPC - ok 22:21:52.0874 0x1a0c [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:21:52.0904 0x1a0c AdobeFlashPlayerUpdateSvc - ok 22:21:52.0964 0x1a0c [ 2F6B34B83843F0C5118B63AC634F5BF4,
Edited by Trinitat (11.06.2015 at 21:26) |
11.06.2015, 21:33 | #5 |
| Windows 7: how can I completely remove the DHL Trojan
Code:
43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 22:21:53.0014 0x1a0c adp94xx - ok 22:21:53.0054 0x1a0c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 22:21:53.0094 0x1a0c adpahci - ok 22:21:53.0174 0x1a0c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 22:21:53.0204 0x1a0c adpu320 - ok 22:21:53.0264 0x1a0c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 22:21:53.0344 0x1a0c AeLookupSvc - ok 22:21:53.0434 0x1a0c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys 22:21:53.0544 0x1a0c AFD - ok 22:21:53.0574 0x1a0c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys 22:21:53.0594 0x1a0c agp440 - ok 22:21:53.0624 0x1a0c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe 22:21:53.0724 0x1a0c ALG - ok 22:21:53.0784 0x1a0c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys 22:21:53.0804 0x1a0c aliide - ok 22:21:53.0904 0x1a0c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys 22:21:53.0924 0x1a0c amdide - ok 22:21:53.0994 0x1a0c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 22:21:54.0064 0x1a0c AmdK8 - ok 22:21:54.0074 0x1a0c [ 
1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 22:21:54.0114 0x1a0c AmdPPM - ok 22:21:54.0154 0x1a0c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys 22:21:54.0174 0x1a0c amdsata - ok 22:21:54.0284 0x1a0c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 22:21:54.0314 0x1a0c amdsbs - ok 22:21:54.0344 0x1a0c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys 22:21:54.0374 0x1a0c amdxata - ok 22:21:54.0444 0x1a0c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\windows\system32\drivers\appid.sys 22:21:54.0494 0x1a0c AppID - ok 22:21:54.0524 0x1a0c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\windows\System32\appidsvc.dll 22:21:54.0574 0x1a0c AppIDSvc - ok 22:21:54.0634 0x1a0c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll 22:21:54.0724 0x1a0c Appinfo - ok 22:21:54.0854 0x1a0c [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:21:54.0874 0x1a0c Apple Mobile Device - ok 22:21:54.0904 0x1a0c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\DRIVERS\arc.sys 22:21:54.0934 0x1a0c arc - ok 22:21:54.0954 0x1a0c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] 
arcsas C:\windows\system32\DRIVERS\arcsas.sys 22:21:54.0974 0x1a0c arcsas - ok 22:21:55.0104 0x1a0c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:21:55.0134 0x1a0c aspnet_state - ok 22:21:55.0154 0x1a0c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 22:21:55.0354 0x1a0c AsyncMac - ok 22:21:55.0374 0x1a0c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys 22:21:55.0394 0x1a0c atapi - ok 22:21:55.0504 0x1a0c [ D6CAD7E5B05055BB8226BDCB1644DA27, 053DBE95BE044C2674825561619A188660865AFCC4FD3C1D1E4F08972F5CC8DF ] athr C:\windows\system32\DRIVERS\athrx.sys 22:21:55.0654 0x1a0c athr - ok 22:21:55.0714 0x1a0c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 22:21:55.0794 0x1a0c AudioEndpointBuilder - ok 22:21:55.0854 0x1a0c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\windows\System32\Audiosrv.dll 22:21:55.0914 0x1a0c AudioSrv - ok 22:21:55.0944 0x1a0c [ 16FABE84916623D0607E4A975544032C, 9D960CAE27B1769ED5B024C0A3375912432521C73C1F59E21111596A7981BDC3 ] Avc C:\windows\system32\DRIVERS\avc.sys 22:21:55.0994 0x1a0c Avc - ok 22:21:56.0034 0x1a0c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll 22:21:56.0144 0x1a0c AxInstSV - ok 22:21:56.0204 0x1a0c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 22:21:56.0294 0x1a0c b06bdrv - ok 22:21:56.0324 0x1a0c [ 
0x1a0c NDIS - ok 22:22:23.0439 0x1a0c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 22:22:23.0539 0x1a0c NdisCap - ok 22:22:23.0569 0x1a0c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 22:22:23.0669 0x1a0c NdisTapi - ok 22:22:23.0699 0x1a0c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 22:22:23.0789 0x1a0c Ndisuio - ok 22:22:23.0829 0x1a0c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 22:22:23.0929 0x1a0c NdisWan - ok 22:22:23.0949 0x1a0c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 22:22:24.0049 0x1a0c NDProxy - ok 22:22:24.0069 0x1a0c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 22:22:24.0179 0x1a0c NetBIOS - ok 22:22:24.0249 0x1a0c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 22:22:24.0369 0x1a0c NetBT - ok 22:22:24.0399 0x1a0c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon C:\windows\system32\lsass.exe 22:22:24.0419 0x1a0c Netlogon - ok 22:22:24.0479 0x1a0c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll 22:22:24.0579 0x1a0c Netman - ok 22:22:24.0639 0x1a0c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator 
C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:22:24.0659 0x1a0c NetMsmqActivator - ok 22:22:24.0689 0x1a0c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:22:24.0719 0x1a0c NetPipeActivator - ok 22:22:24.0779 0x1a0c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll 22:22:24.0869 0x1a0c netprofm - ok 22:22:24.0890 0x1a0c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:22:24.0920 0x1a0c NetTcpActivator - ok 22:22:24.0930 0x1a0c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:22:24.0960 0x1a0c NetTcpPortSharing - ok 22:22:25.0240 0x1a0c [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys 22:22:25.0610 0x1a0c netw5v64 - ok 22:22:25.0650 0x1a0c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 22:22:25.0670 0x1a0c nfrd960 - ok 22:22:25.0710 0x1a0c [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys 22:22:25.0740 0x1a0c NisDrv - ok 22:22:25.0780 0x1a0c [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 22:22:25.0820 0x1a0c NisSrv - ok 22:22:25.0870 0x1a0c [ 8B301D474B478E9A92823BAB50A7BC49, 
8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\windows\System32\nlasvc.dll 22:22:25.0940 0x1a0c NlaSvc - ok 22:22:25.0960 0x1a0c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys 22:22:26.0060 0x1a0c Npfs - ok 22:22:26.0100 0x1a0c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll 22:22:26.0200 0x1a0c nsi - ok 22:22:26.0240 0x1a0c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 22:22:26.0330 0x1a0c nsiproxy - ok 22:22:26.0460 0x1a0c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 22:22:26.0560 0x1a0c Ntfs - ok 22:22:26.0590 0x1a0c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys 22:22:26.0670 0x1a0c Null - ok 22:22:26.0720 0x1a0c [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 22:22:26.0740 0x1a0c NVHDA - ok 22:22:27.0321 0x1a0c [ B8A1174BFD21AF0379B4807BFC85FA66, FEA45F8DF69EC026760560D2A16988F1E2EFAED6A3B6E9DE1040083568E51631 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 22:22:27.0861 0x1a0c nvlddmkm - ok 22:22:27.0911 0x1a0c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys 22:22:27.0931 0x1a0c nvraid - ok 22:22:27.0971 0x1a0c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys 22:22:27.0991 0x1a0c nvstor - ok 22:22:28.0041 0x1a0c [ 
8C639660B1CB88A966674FC13B8F43A2, C794554D771CA61746F21D2CF73A7F0B5919FCB6EEE2A1A88B3EFA5CA7AFE662 ] nvsvc C:\windows\system32\nvvsvc.exe 22:22:28.0071 0x1a0c nvsvc - ok 22:22:28.0101 0x1a0c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys 22:22:28.0121 0x1a0c nv_agp - ok 22:22:28.0161 0x1a0c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 22:22:28.0211 0x1a0c ohci1394 - ok 22:22:28.0251 0x1a0c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:22:28.0271 0x1a0c ose - ok 22:22:28.0561 0x1a0c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:22:28.0821 0x1a0c osppsvc - ok 22:22:28.0891 0x1a0c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll 22:22:28.0972 0x1a0c p2pimsvc - ok 22:22:29.0012 0x1a0c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll 22:22:29.0052 0x1a0c p2psvc - ok 22:22:29.0092 0x1a0c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys 22:22:29.0112 0x1a0c Parport - ok 22:22:29.0142 0x1a0c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys 22:22:29.0172 0x1a0c partmgr - ok 22:22:29.0222 0x1a0c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, 
BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\windows\System32\pcasvc.dll 22:22:29.0292 0x1a0c PcaSvc - ok 22:22:29.0322 0x1a0c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys 22:22:29.0352 0x1a0c pci - ok 22:22:29.0392 0x1a0c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys 22:22:29.0412 0x1a0c pciide - ok 22:22:29.0462 0x1a0c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 22:22:29.0502 0x1a0c pcmcia - ok 22:22:29.0522 0x1a0c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys 22:22:29.0552 0x1a0c pcw - ok 22:22:29.0612 0x1a0c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\windows\system32\drivers\peauth.sys 22:22:29.0682 0x1a0c PEAUTH - ok 22:22:29.0812 0x1a0c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe 22:22:29.0842 0x1a0c PerfHost - ok 22:22:29.0973 0x1a0c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll 22:22:30.0123 0x1a0c pla - ok 22:22:30.0183 0x1a0c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll 22:22:30.0243 0x1a0c PlugPlay - ok 22:22:30.0283 0x1a0c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 22:22:30.0323 0x1a0c PNRPAutoReg - ok 22:22:30.0373 0x1a0c [ 3EAC4455472CC2C97107B5291E0DCAFE, 
E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll 22:22:30.0413 0x1a0c PNRPsvc - ok 22:22:30.0473 0x1a0c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 22:22:30.0593 0x1a0c PolicyAgent - ok 22:22:30.0663 0x1a0c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll 22:22:30.0763 0x1a0c Power - ok 22:22:30.0813 0x1a0c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 22:22:30.0883 0x1a0c PptpMiniport - ok 22:22:30.0933 0x1a0c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys 22:22:30.0983 0x1a0c Processor - ok 22:22:31.0023 0x1a0c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\windows\system32\profsvc.dll 22:22:31.0093 0x1a0c ProfSvc - ok 22:22:31.0143 0x1a0c [ 9CC2C93394241E602DA63826413055FF, 844FA885A2FF59758D5E97084AD81C48DFA2BBC39E4CDE7B04D200820426D7EA ] Prosieben C:\Program Files (x86)\maxdome\DCBin\DCService.exe 22:22:31.0163 0x1a0c Prosieben - ok 22:22:31.0183 0x1a0c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\windows\system32\lsass.exe 22:22:31.0213 0x1a0c ProtectedStorage - ok 22:22:31.0243 0x1a0c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys 22:22:31.0313 0x1a0c Psched - ok 22:22:31.0343 0x1a0c [ FB46E9A827A8799EBD7BFA9128C91F37, 7C40E9C1720522D76AF45A588DFF47BDF0E2A99AF3A396854A00F1273EA13193 ] PSI C:\windows\system32\DRIVERS\psi_mf.sys 22:22:31.0363 0x1a0c PSI - ok 
22:22:31.0373 0x1a0c PS_MDP - ok 22:22:31.0493 0x1a0c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 22:22:31.0583 0x1a0c ql2300 - ok 22:22:31.0613 0x1a0c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 22:22:31.0643 0x1a0c ql40xx - ok 22:22:31.0683 0x1a0c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll 22:22:31.0723 0x1a0c QWAVE - ok 22:22:31.0743 0x1a0c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 22:22:31.0793 0x1a0c QWAVEdrv - ok 22:22:31.0863 0x1a0c [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll 22:22:31.0893 0x1a0c RapiMgr - ok 22:22:31.0933 0x1a0c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 22:22:32.0023 0x1a0c RasAcd - ok 22:22:32.0063 0x1a0c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 22:22:32.0163 0x1a0c RasAgileVpn - ok 22:22:32.0213 0x1a0c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll 22:22:32.0313 0x1a0c RasAuto - ok 22:22:32.0363 0x1a0c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 22:22:32.0433 0x1a0c Rasl2tp - ok 22:22:32.0483 0x1a0c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan 
C:\windows\System32\rasmans.dll 22:22:32.0563 0x1a0c RasMan - ok 22:22:32.0603 0x1a0c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 22:22:32.0683 0x1a0c RasPppoe - ok 22:22:32.0703 0x1a0c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 22:22:32.0783 0x1a0c RasSstp - ok 22:22:32.0833 0x1a0c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 22:22:32.0923 0x1a0c rdbss - ok 22:22:32.0963 0x1a0c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 22:22:33.0013 0x1a0c rdpbus - ok 22:22:33.0043 0x1a0c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 22:22:33.0143 0x1a0c RDPCDD - ok 22:22:33.0163 0x1a0c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 22:22:33.0253 0x1a0c RDPENCDD - ok 22:22:33.0273 0x1a0c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 22:22:33.0343 0x1a0c RDPREFMP - ok 22:22:33.0403 0x1a0c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys 22:22:33.0463 0x1a0c RDPWD - ok 22:22:33.0503 0x1a0c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys 22:22:33.0533 0x1a0c rdyboost - ok 22:22:33.0543 0x1a0c ReadyComm.DirectRouter - ok 22:22:33.0583 0x1a0c [ 
254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll 22:22:33.0683 0x1a0c RemoteAccess - ok 22:22:33.0733 0x1a0c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll 22:22:33.0823 0x1a0c RemoteRegistry - ok 22:22:33.0873 0x1a0c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 22:22:33.0933 0x1a0c RFCOMM - ok 22:22:33.0983 0x1a0c [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys 22:22:34.0083 0x1a0c RMCAST - ok 22:22:34.0133 0x1a0c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 22:22:34.0223 0x1a0c RpcEptMapper - ok 22:22:34.0263 0x1a0c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe 22:22:34.0293 0x1a0c RpcLocator - ok 22:22:34.0343 0x1a0c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll 22:22:34.0433 0x1a0c RpcSs - ok 22:22:34.0463 0x1a0c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 22:22:34.0563 0x1a0c rspndr - ok 22:22:34.0603 0x1a0c [ 5AAB4808E8CCAE8C2ECDA5B791260616, EFA49ADD657D209AFE73CE0E9184E319D5F7A8A0C6B60BEFA0AAB172B2D397BA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 22:22:34.0633 0x1a0c RSUSBSTOR - ok 22:22:34.0673 0x1a0c [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 
22:22:34.0703 0x1a0c RTL8167 - ok 22:22:34.0733 0x1a0c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs C:\windows\system32\lsass.exe 22:22:34.0753 0x1a0c SamSs - ok 22:22:34.0783 0x1a0c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 22:22:34.0813 0x1a0c sbp2port - ok 22:22:34.0863 0x1a0c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll 22:22:34.0973 0x1a0c SCardSvr - ok 22:22:35.0003 0x1a0c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 22:22:35.0073 0x1a0c scfilter - ok 22:22:35.0163 0x1a0c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll 22:22:35.0313 0x1a0c Schedule - ok 22:22:35.0363 0x1a0c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll 22:22:35.0443 0x1a0c SCPolicySvc - ok 22:22:35.0473 0x1a0c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll 22:22:35.0523 0x1a0c SDRSVC - ok 22:22:35.0553 0x1a0c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys 22:22:35.0643 0x1a0c secdrv - ok 22:22:35.0683 0x1a0c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll 22:22:35.0753 0x1a0c seclogon - ok 22:22:35.0843 0x1a0c [ 5B66DB4877BBAC9F7493AA8D84421E49, D1FCE833A9140E5EC3106373A6FF42335A9A20EBBE020E757B55F032DA0FA7AE ] Secunia PSI Agent 
C:\Program Files (x86)\Secunia\PSI\PSIA.exe 22:22:35.0903 0x1a0c Secunia PSI Agent - ok 22:22:35.0964 0x1a0c [ 0E88FDF474F2CDD370A4A6CE77D018F0, D01DA8FF7ADB073E4EECDBDF4F5FE595D6AC70F8C57AFC9ED5C51486CFCECC50 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 22:22:35.0994 0x1a0c Secunia Update Agent - ok 22:22:36.0024 0x1a0c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll 22:22:36.0124 0x1a0c SENS - ok 22:22:36.0144 0x1a0c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll 22:22:36.0214 0x1a0c SensrSvc - ok 22:22:36.0234 0x1a0c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 22:22:36.0274 0x1a0c Serenum - ok 22:22:36.0324 0x1a0c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys 22:22:36.0374 0x1a0c Serial - ok 22:22:36.0414 0x1a0c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 22:22:36.0464 0x1a0c sermouse - ok 22:22:36.0584 0x1a0c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll 22:22:36.0694 0x1a0c SessionEnv - ok 22:22:36.0744 0x1a0c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys 22:22:36.0774 0x1a0c sffdisk - ok 22:22:36.0834 0x1a0c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 22:22:36.0874 0x1a0c sffp_mmc - ok 22:22:36.0884 0x1a0c [ 
DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 22:22:36.0924 0x1a0c sffp_sd - ok 22:22:36.0974 0x1a0c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 22:22:37.0004 0x1a0c sfloppy - ok 22:22:37.0064 0x1a0c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll 22:22:37.0154 0x1a0c SharedAccess - ok 22:22:37.0204 0x1a0c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll 22:22:37.0294 0x1a0c ShellHWDetection - ok 22:22:37.0324 0x1a0c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 22:22:37.0344 0x1a0c SiSRaid2 - ok 22:22:37.0374 0x1a0c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 22:22:37.0394 0x1a0c SiSRaid4 - ok 22:22:37.0514 0x1a0c [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:22:37.0554 0x1a0c SkypeUpdate - ok 22:22:37.0604 0x1a0c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys 22:22:37.0684 0x1a0c Smb - ok 22:22:37.0744 0x1a0c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe 22:22:37.0784 0x1a0c SNMPTRAP - ok 22:22:37.0814 0x1a0c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr 
C:\windows\system32\drivers\spldr.sys 22:22:37.0834 0x1a0c spldr - ok 22:22:37.0904 0x1a0c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe 22:22:37.0974 0x1a0c Spooler - ok 22:22:38.0184 0x1a0c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe 22:22:38.0454 0x1a0c sppsvc - ok 22:22:38.0504 0x1a0c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll 22:22:38.0594 0x1a0c sppuinotify - ok 22:22:38.0664 0x1a0c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys 22:22:38.0744 0x1a0c srv - ok 22:22:38.0774 0x1a0c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 22:22:38.0824 0x1a0c srv2 - ok 22:22:38.0874 0x1a0c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 22:22:38.0894 0x1a0c srvnet - ok 22:22:38.0934 0x1a0c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 22:22:39.0034 0x1a0c SSDPSRV - ok 22:22:39.0074 0x1a0c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll 22:22:39.0174 0x1a0c SstpSvc - ok 22:22:39.0284 0x1a0c [ E8606BF6BE3B7481D95F1DD2E4F3FCBA, 522646B5266C3E18AF909CB49F411ABB10F5DCD02A2B923C1EA209529AFD1A94 ] StarMoney Business 4.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe 22:22:39.0334 0x1a0c StarMoney Business 4.0 OnlineUpdate - ok 22:22:39.0434 0x1a0c [ 
22:22:39.0814 0x1a0c [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:22:39.0864 0x1a0c SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:22:39.0864 0x1a0c Detect skipped due to KSN trusted
22:22:39.0864 0x1a0c SwitchBoard - ok
C:\windows\System32\upnphost.dll 22:22:44.0146 0x1a0c upnphost - ok 22:22:44.0236 0x1a0c [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 22:22:44.0276 0x1a0c UPnPService - detected UnsignedFile.Multi.Generic ( 1 ) 22:22:44.0276 0x1a0c Detect skipped due to KSN trusted 22:22:44.0276 0x1a0c UPnPService - ok 22:22:44.0326 0x1a0c [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 22:22:44.0366 0x1a0c USBAAPL64 - ok 22:22:44.0406 0x1a0c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys 22:22:44.0496 0x1a0c usbaudio - ok 22:22:44.0536 0x1a0c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 22:22:44.0596 0x1a0c usbccgp - ok 22:22:44.0636 0x1a0c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys 22:22:44.0696 0x1a0c usbcir - ok 22:22:44.0736 0x1a0c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys 22:22:44.0776 0x1a0c usbehci - ok 22:22:44.0856 0x1a0c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 22:22:44.0896 0x1a0c usbhub - ok 22:22:44.0936 0x1a0c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys 22:22:44.0966 0x1a0c usbohci - ok 22:22:44.0996 0x1a0c [ 73188F58FB384E75C4063D29413CEE3D, 
B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 22:22:45.0046 0x1a0c usbprint - ok 22:22:45.0096 0x1a0c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 22:22:45.0146 0x1a0c usbscan - ok 22:22:45.0196 0x1a0c [ 310ABD644511CBEEE16814095759D670, 416935D68882822DEFFD1CEEC2EEC8F8FC27E76414C2C529C82F84DF15C21F71 ] usbsmi C:\windows\system32\DRIVERS\SMIksdrv.sys 22:22:45.0266 0x1a0c usbsmi - ok 22:22:45.0326 0x1a0c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 22:22:45.0356 0x1a0c USBSTOR - ok 22:22:45.0386 0x1a0c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys 22:22:45.0416 0x1a0c usbuhci - ok 22:22:45.0466 0x1a0c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 22:22:45.0516 0x1a0c usbvideo - ok 22:22:45.0566 0x1a0c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll 22:22:45.0666 0x1a0c UxSms - ok 22:22:45.0706 0x1a0c [ C8EB4193D33A48A4AD2D5D7CA121CF88, 057AB74992D342839337B9057462517B0FD622D521A160D895220ABCC23DD3BC ] UxTuneUp C:\windows\System32\uxtuneup.dll 22:22:45.0726 0x1a0c UxTuneUp - ok 22:22:45.0756 0x1a0c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc C:\windows\system32\lsass.exe 22:22:45.0776 0x1a0c VaultSvc - ok 22:22:45.0796 0x1a0c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 22:22:45.0816 0x1a0c vdrvroot - ok 22:22:45.0886 
0x1a0c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe 22:22:45.0996 0x1a0c vds - ok 22:22:46.0046 0x1a0c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 22:22:46.0076 0x1a0c vga - ok 22:22:46.0116 0x1a0c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys 22:22:46.0206 0x1a0c VgaSave - ok 22:22:46.0266 0x1a0c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys 22:22:46.0296 0x1a0c vhdmp - ok 22:22:46.0336 0x1a0c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys 22:22:46.0356 0x1a0c viaide - ok 22:22:46.0386 0x1a0c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys 22:22:46.0406 0x1a0c volmgr - ok 22:22:46.0446 0x1a0c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys 22:22:46.0486 0x1a0c volmgrx - ok 22:22:46.0516 0x1a0c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys 22:22:46.0556 0x1a0c volsnap - ok 22:22:46.0616 0x1a0c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 22:22:46.0646 0x1a0c vsmraid - ok 22:22:46.0766 0x1a0c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe 22:22:46.0916 0x1a0c VSS - ok 22:22:46.0966 
0x1a0c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 22:22:47.0006 0x1a0c vwifibus - ok 22:22:47.0046 0x1a0c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 22:22:47.0096 0x1a0c vwififlt - ok 22:22:47.0136 0x1a0c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 22:22:47.0186 0x1a0c vwifimp - ok 22:22:47.0246 0x1a0c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll 22:22:47.0356 0x1a0c W32Time - ok 22:22:47.0416 0x1a0c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 22:22:47.0456 0x1a0c WacomPen - ok 22:22:47.0516 0x1a0c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 22:22:47.0606 0x1a0c WANARP - ok 22:22:47.0626 0x1a0c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 22:22:47.0706 0x1a0c Wanarpv6 - ok 22:22:47.0796 0x1a0c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 22:22:47.0866 0x1a0c WatAdminSvc - ok 22:22:47.0996 0x1a0c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe 22:22:48.0107 0x1a0c wbengine - ok 22:22:48.0157 0x1a0c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc 
C:\windows\System32\wbiosrvc.dll 22:22:48.0217 0x1a0c WbioSrvc - ok 22:22:48.0277 0x1a0c [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 22:22:48.0307 0x1a0c WcesComm - ok 22:22:48.0367 0x1a0c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll 22:22:48.0427 0x1a0c wcncsvc - ok 22:22:48.0467 0x1a0c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 22:22:48.0507 0x1a0c WcsPlugInService - ok 22:22:48.0547 0x1a0c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys 22:22:48.0577 0x1a0c Wd - ok 22:22:48.0647 0x1a0c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 22:22:48.0717 0x1a0c Wdf01000 - ok 22:22:48.0797 0x1a0c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll 22:22:48.0827 0x1a0c WdiServiceHost - ok 22:22:48.0847 0x1a0c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll 22:22:48.0877 0x1a0c WdiSystemHost - ok 22:22:48.0917 0x1a0c [ 2A444ACF7DD446505BCC801F8F6AE5FD, A257CBA8D1B96D4E8C2085DB5D28C5D4FFA64767ABA5FE764F1AA2697D0E994B ] wdmirror C:\windows\system32\DRIVERS\WDMirror.sys 22:22:48.0927 0x1a0c wdmirror - ok 22:22:48.0977 0x1a0c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll 22:22:49.0058 0x1a0c WebClient - ok 22:22:49.0108 0x1a0c [ C749025A679C5103E575E3B48E092C43, 
B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll 22:22:49.0208 0x1a0c Wecsvc - ok 22:22:49.0248 0x1a0c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll 22:22:49.0328 0x1a0c wercplsupport - ok 22:22:49.0348 0x1a0c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll 22:22:49.0448 0x1a0c WerSvc - ok 22:22:49.0488 0x1a0c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 22:22:49.0558 0x1a0c WfpLwf - ok 22:22:49.0628 0x1a0c [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys 22:22:49.0648 0x1a0c WimFltr - ok 22:22:49.0678 0x1a0c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys 22:22:49.0698 0x1a0c WIMMount - ok 22:22:49.0748 0x1a0c WinDefend - ok 22:22:49.0788 0x1a0c WinHttpAutoProxySvc - ok 22:22:49.0858 0x1a0c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 22:22:49.0938 0x1a0c Winmgmt - ok 22:22:50.0078 0x1a0c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll 22:22:50.0218 0x1a0c WinRM - ok 22:22:50.0288 0x1a0c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\drivers\WinUsb.sys 22:22:50.0308 0x1a0c WinUsb - ok 22:22:50.0388 0x1a0c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc 
C:\windows\System32\wlansvc.dll 22:22:50.0458 0x1a0c Wlansvc - ok 22:22:50.0508 0x1a0c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 22:22:50.0538 0x1a0c WmiAcpi - ok 22:22:50.0598 0x1a0c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 22:22:50.0638 0x1a0c wmiApSrv - ok 22:22:50.0668 0x1a0c WMPNetworkSvc - ok 22:22:50.0708 0x1a0c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll 22:22:50.0748 0x1a0c WPCSvc - ok 22:22:50.0798 0x1a0c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 22:22:50.0828 0x1a0c WPDBusEnum - ok 22:22:50.0868 0x1a0c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 22:22:50.0938 0x1a0c ws2ifsl - ok 22:22:50.0998 0x1a0c [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\windows\system32\drivers\VirtualAudio1.sys 22:22:51.0018 0x1a0c WsAudio_Device(1) - ok 22:22:51.0058 0x1a0c [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\windows\system32\drivers\VirtualAudio2.sys 22:22:51.0078 0x1a0c WsAudio_Device(2) - ok 22:22:51.0098 0x1a0c [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\windows\system32\drivers\VirtualAudio3.sys 22:22:51.0118 0x1a0c WsAudio_Device(3) - ok 22:22:51.0138 0x1a0c [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) 
C:\windows\system32\drivers\VirtualAudio4.sys 22:22:51.0148 0x1a0c WsAudio_Device(4) - ok 22:22:51.0178 0x1a0c [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\windows\system32\drivers\VirtualAudio5.sys 22:22:51.0188 0x1a0c WsAudio_Device(5) - ok 22:22:51.0238 0x1a0c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll 22:22:51.0268 0x1a0c wscsvc - ok 22:22:51.0298 0x1a0c [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys 22:22:51.0328 0x1a0c WSDPrintDevice - ok 22:22:51.0348 0x1a0c [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys 22:22:51.0378 0x1a0c WSDScan - ok 22:22:51.0398 0x1a0c WSearch - ok 22:22:51.0448 0x1a0c [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 22:22:51.0468 0x1a0c wsvd - ok 22:22:51.0618 0x1a0c [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\windows\system32\wuaueng.dll 22:22:51.0768 0x1a0c wuauserv - ok 22:22:51.0828 0x1a0c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 22:22:51.0888 0x1a0c WudfPf - ok 22:22:51.0918 0x1a0c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\drivers\WUDFRd.sys 22:22:51.0948 0x1a0c WUDFRd - ok 22:22:51.0988 0x1a0c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll 22:22:52.0028 0x1a0c wudfsvc - ok 22:22:52.0088 0x1a0c 
[ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll 22:22:52.0168 0x1a0c WwanSvc - ok 22:22:52.0318 0x1a0c [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl 22:22:52.0338 0x1a0c {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 22:22:52.0368 0x1a0c ================ Scan global =============================== 22:22:52.0398 0x1a0c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll 22:22:52.0438 0x1a0c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll 22:22:52.0468 0x1a0c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll 22:22:52.0518 0x1a0c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll 22:22:52.0558 0x1a0c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe 22:22:52.0568 0x1a0c [ Global ] - ok 22:22:52.0568 0x1a0c ================ Scan MBR ================================== 22:22:52.0578 0x1a0c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:22:52.0998 0x1a0c \Device\Harddisk0\DR0 - ok 22:22:53.0008 0x1a0c ================ Scan VBR ================================== 22:22:53.0008 0x1a0c [ C140740B5CAEC5C55629DA8992358D71 ] \Device\Harddisk0\DR0\Partition1 22:22:53.0008 0x1a0c \Device\Harddisk0\DR0\Partition1 - ok 22:22:53.0018 0x1a0c [ 9E636BC3B0566C77417399F86794F79C ] \Device\Harddisk0\DR0\Partition2 22:22:53.0018 0x1a0c \Device\Harddisk0\DR0\Partition2 - ok 22:22:53.0038 0x1a0c [ E8C175857B525D8E380CE00B9F5E53AD 
] \Device\Harddisk0\DR0\Partition3 22:22:53.0038 0x1a0c \Device\Harddisk0\DR0\Partition3 - ok 22:22:53.0048 0x1a0c ================ Scan generic autorun ====================== 22:22:53.0049 0x1a0c NvCplDaemon - ok 22:22:53.0149 0x1a0c [ 24066DF5E85F6AF4A2013E70BF73423C, 9B4EFBF3FF194244F0D5C9128CF99EC7BCB1D62BE0975DA0F52816FF00EB0DB9 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe 22:22:53.0189 0x1a0c cAudioFilterAgent - ok 22:22:53.0299 0x1a0c [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe 22:22:53.0389 0x1a0c MSC - ok 22:22:53.0479 0x1a0c [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 22:22:53.0499 0x1a0c IAStorIcon - ok 22:22:53.0569 0x1a0c [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe 22:22:53.0599 0x1a0c UpdateP2GShortCut - ok 22:22:53.0679 0x1a0c [ 696A74A2E7AAD166D0A97499A43AD084, A661156C420B3198A82A6A395B986B28E89645CCFEFF4ED68B95EE5FC447E032 ] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe 22:22:53.0699 0x1a0c TrayServer - detected UnsignedFile.Multi.Generic ( 1 ) 22:22:53.0699 0x1a0c Detect skipped due to KSN trusted 22:22:53.0699 0x1a0c TrayServer - ok 22:22:53.0759 0x1a0c [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 22:22:53.0779 0x1a0c APSDaemon - ok 22:22:53.0819 0x1a0c [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 22:22:53.0869 0x1a0c SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 ) 22:22:53.0869 
0x1a0c Detect skipped due to KSN trusted 22:22:53.0869 0x1a0c SwitchBoard - ok 22:22:53.0919 0x1a0c [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 22:22:53.0949 0x1a0c BCSSync - ok 22:22:54.0049 0x1a0c [ CDFFB0058BA113ED8C6099DE11FAAD49, D258D1F340734113C1E538C32DF15011009C19A9E88E0F471E3D8387D4EA7AEB ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE 22:22:54.0114 0x1a0c CanonQuickMenu - ok 22:22:54.0184 0x1a0c [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 22:22:54.0214 0x1a0c IJNetworkScannerSelectorEX - ok 22:22:54.0344 0x1a0c [ EA0CE8F77F1272A3D97C70BF3CE457F7, 2E9D95CE9103FBD74D3D9671341E1258C41320B6AE1BF996C41D0813BECB84CD ] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe 22:22:54.0464 0x1a0c iSkysoft Helper Compact.exe - detected UnsignedFile.Multi.Generic ( 1 ) 22:22:54.0464 0x1a0c Detect skipped due to KSN trusted 22:22:54.0464 0x1a0c iSkysoft Helper Compact.exe - ok 22:22:54.0644 0x1a0c [ A1F127095742B85D34D81ED32DB4E0D6, F949C2281A8F2837D61E961A635058DDC1EAC255F4CA27BED1A8DDA58EBA0513 ] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe 22:22:54.0744 0x1a0c DelaypluginInstall - ok 22:22:54.0824 0x1a0c [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 22:22:54.0864 0x1a0c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 22:22:54.0864 0x1a0c Detect skipped due to KSN trusted 22:22:54.0864 0x1a0c QuickTime Task - ok 22:22:54.0984 0x1a0c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:22:55.0104 0x1a0c Sidebar - ok 22:22:55.0124 0x1a0c [ 
0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:22:55.0174 0x1a0c mctadmin - ok 22:22:55.0254 0x1a0c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:22:55.0334 0x1a0c Sidebar - ok 22:22:55.0344 0x1a0c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:22:55.0374 0x1a0c mctadmin - ok 22:22:55.0454 0x1a0c [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 22:22:55.0464 0x1a0c iCloudServices - ok 22:22:55.0524 0x1a0c [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE 22:22:55.0584 0x1a0c OfficeSyncProcess - ok 22:22:55.0634 0x1a0c [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 22:22:55.0644 0x1a0c swg - ok 22:22:55.0664 0x1a0c [ 105C276BB7B43501225C419B062096D0, F5D35230FC5E116FB04147F216313D2E2542D96E975B19F5FD9F7641CF11271F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 22:22:55.0674 0x1a0c ApplePhotoStreams - ok 22:22:55.0724 0x1a0c Skype - ok 22:22:55.0744 0x1a0c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 22:22:55.0744 0x1a0c Win FW state via NFP2: enabled 22:22:58.0904 0x1a0c ============================================================ 22:22:58.0904 0x1a0c Scan finished 22:22:58.0904 0x1a0c ============================================================ 22:22:58.0914 
0x1a04 Detected object count: 0 22:22:58.0914 0x1a04 Actual detected object count: 0
Many thanks for your quick help |
12.06.2015, 17:48 | #6 |
/// the machine /// TB trainer | Windows 7: how can I completely remove the DHL trojan Nope, not yet. Scan with Combofix |
12.06.2015, 20:27 | #7 |
| Windows 7: how can I completely remove the DHL trojan Hello Schrauber, here is the new log file: Code:
ATTFilter ComboFix 15-06-09.01 - ******* ******* 12.06.2015 20:57:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.1822 [GMT 2:00] ausgeführt von:: c:\users\******* *******\Videos\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\******* *******\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72CF0BD0-D9F6-4670-B9D5-9640CDBAD5FE}.xps c:\windows\IsUn0407.exe c:\windows\msdownld.tmp c:\windows\s.bat . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-12 bis 2015-06-12 )))))))))))))))))))))))))))))) . . 2015-06-12 19:11 . 2015-06-12 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-06-12 16:42 . 2015-06-12 16:42 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6240203-F0F1-46AD-9A5A-3DC23BC52EFC}\offreg.928.dll 2015-06-12 16:33 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6240203-F0F1-46AD-9A5A-3DC23BC52EFC}\mpengine.dll 2015-06-11 06:59 . 2015-06-11 06:59 -------- d-----w- c:\users\******* *******\AppData\Local\GWX 2015-06-10 21:46 . 2015-03-23 10:40 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB0E4370-D593-47B0-9C0E-86F0CD52860A}\gapaengine.dll 2015-06-10 20:41 . 2015-05-25 18:23 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-06-10 20:36 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll 2015-06-10 20:35 . 
2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll 2015-06-10 20:35 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2015-06-10 20:35 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys 2015-06-10 20:35 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys 2015-06-10 18:59 . 2015-06-10 18:59 -------- d-----w- c:\programdata\Malwarebytes 2015-06-10 18:59 . 2015-06-12 19:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-06-10 18:58 . 2015-06-11 18:46 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-06-10 18:57 . 2015-06-10 18:58 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-08 19:54 . 2015-06-08 19:59 -------- d-----w- C:\FRST 2015-06-04 14:41 . 2015-06-09 16:27 -------- d-----w- c:\users\******* *******\AppData\Local\CrashDumps 2015-06-03 19:55 . 2015-06-03 19:55 -------- d-----w- C:\12bf32d59e7e9d01b7adf8 2015-06-03 19:29 . 2015-06-03 19:29 -------- d-----w- c:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures 2015-06-03 19:05 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-03 19:05 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-05-24 10:48 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe 2015-05-24 10:46 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll 2015-05-24 10:46 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll 2015-05-24 10:46 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll 2015-05-24 10:43 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2015-05-24 10:43 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe 2015-05-24 10:43 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll 2015-05-24 10:43 . 
2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll 2015-05-24 10:43 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll 2015-05-24 10:43 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe 2015-05-24 10:43 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll 2015-05-24 10:43 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll 2015-05-24 10:43 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe 2015-05-22 17:16 . 2015-05-22 17:16 18652352 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-11 01:05 . 2011-08-21 09:56 140135120 ----a-w- c:\windows\system32\MRT.exe 2015-06-09 21:39 . 2013-05-22 19:08 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-06-09 21:39 . 2013-05-22 19:08 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-05-25 18:01 . 2015-06-10 20:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL 2015-03-25 03:24 . 2015-04-14 19:25 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-14 19:25 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 2015-04-14 19:25 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-14 19:25 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-14 19:25 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-14 19:25 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-14 19:25 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-14 19:25 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-14 19:25 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 
2015-04-14 19:25 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-14 19:25 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-14 19:25 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-14 19:25 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-14 19:25 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-14 19:25 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-14 19:25 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-03-23 10:40 . 2012-07-04 14:22 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-05-11 12:16 . 2012-05-11 12:16 171520 ----a-w- c:\program files (x86)\Common Files\dsfOggDemux2.dll 2011-04-18 20:51 . 2011-04-18 20:51 653136 ----a-w- c:\program files (x86)\Common Files\MSVCR90.dll 2011-04-18 20:51 . 2011-04-18 20:51 569680 ----a-w- c:\program files (x86)\Common Files\MSVCP90.dll 2011-01-12 00:00 . 2011-01-12 00:00 30208 ----a-w- c:\program files (x86)\Common Files\wmpinfo.dll 2011-01-12 00:00 . 2011-01-12 00:00 240128 ----a-w- c:\program files (x86)\Common Files\dsfVorbisDecoder.dll 2011-01-12 00:00 . 2011-01-12 00:00 146944 ----a-w- c:\program files (x86)\Common Files\dsfFLACDecoder.dll 2011-01-12 00:00 . 2011-01-12 00:00 221184 ----a-w- c:\program files (x86)\Common Files\dsfFLACEncoder.dll 2011-01-12 00:00 . 2011-01-12 00:00 204800 ----a-w- c:\program files (x86)\Common Files\dsfNativeFLACSource.dll 2010-12-16 19:39 . 2010-12-16 19:39 302592 ----a-w- c:\program files (x86)\Common Files\webmmux.dll 2010-12-16 19:39 . 2010-12-16 19:39 701440 ----a-w- c:\program files (x86)\Common Files\vp8encoder.dll 2010-12-16 19:39 . 2010-12-16 19:39 412672 ----a-w- c:\program files (x86)\Common Files\vp8decoder.dll 2010-12-16 19:39 . 2010-12-16 19:39 292352 ----a-w- c:\program files (x86)\Common Files\webmsplit.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-04-11 02:05 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-01-13 16:44 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2013-03-18 14:53 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-03-18 1310480] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 39408] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168] "iSkysoft Helper Compact.exe"="c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-08-05 2014208] 
"DelaypluginInstall"="c:\programdata\iSkysoft\Video Converter Ultimate\DelayPluginI.exe" [2014-09-26 1960336] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . c:\users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104] STRATO HiDrive.lnk - c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe [2011-11-15 463872] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472] Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "PlayMovie"="c:\program files (x86)\Lenovo\PlayMovie\PMVService.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 4.0 S-Edition\app\oflagent.exe" "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "CanonQuickMenu"=c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SMB60StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 6.0 S-Edition\app\oflagent.exe" "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" /s "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MsgPlusDriver;Messenger Plus! 
Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\MsgPlusDriver.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 
WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x] R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x] R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x] R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x] R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/08/17 08:58];c:\program files (x86)\Lenovo\PlayMovie\000.fcl;c:\program files (x86)\Lenovo\PlayMovie\000.fcl [x] S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x] S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x] S2 Secunia PSI 
Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 StarMoney Business 6.0 OnlineUpdate;StarMoney Business 6.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x] S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x] S3 
wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP <NO NAME> REG_SZ . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-06-09 20:52 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:39] . 2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 07:32] . 2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 07:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-01-13 13:34 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms} mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms} uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms} IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: NameServer = 8.8.8.8,192.168.0.1 TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F43574C4F42414C4: DhcpNameServer = 8.8.8.8 192.168.0.1 TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F435D234849434B4F4: DhcpNameServer = 8.8.4.4 192.168.0.1 TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F435D2F46464943454: NameServer = 8.8.8.8 TCP: Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: NameServer = 8.8.8.8,192.168.0.1 FF - ProfilePath - c:\users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\ FF - prefs.js: browser.search.selectedEngine - webssearches FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q= FF - prefs.js: network.proxy.ftp - 194.110.219.43 FF - prefs.js: network.proxy.ftp_port - 3129 FF - prefs.js: network.proxy.gopher - 194.110.219.43 FF - prefs.js: network.proxy.gopher_port - 3129 FF - prefs.js: network.proxy.http - 194.110.219.43 FF - prefs.js: 
network.proxy.http_port - 3129 FF - prefs.js: network.proxy.socks - 194.110.219.43 FF - prefs.js: network.proxy.socks_port - 3129 FF - prefs.js: network.proxy.ssl - 194.110.219.43 FF - prefs.js: network.proxy.ssl_port - 3129 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2013-06-23 13:21; 39ffxtbr@MapsGalaxy_39.com; c:\program files (x86)\MapsGalaxy_39\bar\1.bin . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben] "ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files (x86)\Lenovo\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-06-12 21:24:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-06-12 19:24 . Vor Suchlauf: 16 Verzeichnis(se), 86.878.728.192 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 91.710.914.560 Bytes frei . - - End Of File - - B690ED32239C06C92CA85EBD08268E50 |
13.06.2015, 13:59 | #8 |
/// the machine /// TB Trainer | Windows 7: how can I completely remove the DHL trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.06.2015, 17:53 | #9 |
| Windows 7: how can I completely remove the DHL trojan Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.06.2015
Suchlauf-Zeit: 16:55:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.13.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ******* *******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 441198
Verstrichene Zeit: 1 Std, 5 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Module: 1
Registrierungsschlüssel: 103
Registrierungswerte: 36
Registrierungsdaten: 3
Ordner: 81
Dateien: 256
(x86)\SupTab\SpAPPSv32.dll, , [e2568f2b5d2d5fd7e8e5a814857c956b], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, , [ea4e9723206a06301ab3625abd442cd4], PUP.Optional.BrowseFox, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\ravingreyvenSetup.exe, , [85b34575eb9f63d3ef9b065d8a78718f], PUP.Optional.ScramblePacker.A, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\setup.exe, , [4eea7149157552e4d7549a19e120916f], PUP.Optional.Conduit.A, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\sp-downloader.exe, , [ea4e5c5eb3d72511333da8acc53c10f0], PUP.Optional.SweetIM, C:\Windows\Installer\8d91c6f.msi, , [1523b7036e1cc472b88abdaa9c6a0ff1], PUP.Optional.SearchResults.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\Search_Results.xml, , [eb4dcaf0107a79bd243a7a946d97bc44], PUP.Optional.QuickStart.A, C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, , [8cacb406fd8d1b1b66637a997d8724dc], PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [092fd3e796f437ffa49f2a08fe062dd3], PUP.Optional.Delta.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\delta.xml, , [4aee0eacf793da5cedf661d2af5540c0], PUP.Optional.BrowserDefender.A, C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, , [e94f487207831521f9e573e31beaf709], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, , [f2469723e9a175c1de6e437a847f38c8], PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\27638b112811943e97ec5efb691d6916.toolbar48.xml, , [e157f2c8464489ad76c7ccf2fa090bf5], PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet 
Explorer\cache\8d03c0783b1e34c2b403cee25e4f3d73.options_remote44b_no_fb.html, , [e157f2c8464489ad76c7ccf2fa090bf5], PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\ccbd8b558f1d599e360b3dc00c89e1b1.facebook2.png, , [e157f2c8464489ad76c7ccf2fa090bf5], PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\d7663980840977888075cdf06da9e63d.facebook2_hover.png, , [e157f2c8464489ad76c7ccf2fa090bf5], PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\dda5971490977d5465f836a12522f1a1.games3.png, , [e157f2c8464489ad76c7ccf2fa090bf5], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\92.json, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\uninstallDlg.xml, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\UninstallManager.exe, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\bg1.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\button1.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\checked.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\close.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\min.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\Thumbs.db, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* 
*******\AppData\Roaming\webssearches\images\unchecked.png, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-04-27[21-36-46-071].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-04-27[21-37-02-712].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-06-47-000].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-12-28-288].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-12-38-581].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-46-51-130].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-04-388].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-18-513].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-37-725].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-49-078].log, , [dd5b05b5fe8ca3934970ead633d0db25], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome.manifest, , 
[3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\install.rdf, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\index.html, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* 
*******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* 
*******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* 
*******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* 
*******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\style.css, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\addonmanager.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\aes.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\config.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\dialogs.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\last_tab.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\misc.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\properties.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\remoterequest.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\settings.js, , [3602e3d7fc8e89ad2df623aa8a797789], PUP.Optional.Updater.A, C:\Users\******* *******\AppData\Roaming\DSite\UpdateProc\config.dat, , [53e55466ef9b2c0a8bdfdbf6bc470df3], PUP.Optional.Updater.A, C:\Users\******* *******\AppData\Roaming\DSite\UpdateProc\TTL.DAT, , [53e55466ef9b2c0a8bdfdbf6bc470df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , 
[49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\js\ie8.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , 
[49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [49efb4064b3fc5715e48577af50e14ec], PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, , [f840c2f83d4de94d8e8348928f74ac54], PUP.Optional.NewPlayer.A, C:\Users\******* *******\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7\user.config, , [d46474467911e6502cf7b92aeb1841bf], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, , 
[f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\resources\about.html, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, 
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\onstart.js, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\resources\blue\search_button_blank.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png, , 
[f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, 
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], PUP.Optional.HttpBreaker.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188");), ,[ca6e9723741673c3a1b03b4437cf748c] PUP.Optional.QuickStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[e058f1c986048da92e5d305020e6d12f] PUP.Optional.CrossRider.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14595745b550aea38e7407b6637b7ea8");), ,[bb7d3a80f29891a50e341c65d72f8d73] Physische Sektoren: 0 (Keine schädliche Elemente 
gefunden) (end) Code:
# AdwCleaner v4.206 - Bericht erstellt 13/06/2015 um 18:27:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ******* ******* - LAPTOP*******
# Gestarted von : C:\Users\******* *******\Videos\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\DM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\******* *******\AppData\Local\wwerwerwe
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\invalidprefs.js
Datei Gelöscht : C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : DSite
Task Gelöscht : QtraxPlayer

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gelöscht : HKLM\SOFTWARE\5f0dd88b03fef45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht :
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\qtrax Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\yuna software Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja Schlüssel Gelöscht : 
HKU\.DEFAULT\Software\ImInstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v38.0.5 (x86 de) [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", 
"chrome://quick_start/content/index.html"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14595745b550aea38e7407b6637b7ea8"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "webssearches"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._1gMembers_.lastActivePing", "1412449414820"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._1gMembers_.weather.location", "10001"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=A819D084-1321-4E2D-B1E1-BEEC09BE9FF2&n=77fce4a9&p2=^UX^xdm170^YY^es&si=MA_MAPS_FIG_SPA_11"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", ""); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : 
user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013062313"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm170^YY^es"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "MA_MAPS_FIG_SPA_11"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "A819D084-1321-4E2D-B1E1-BEEC09BE9FF2"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1399836722148"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", false); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "airberlingermanwingsgaggenau Z?richroutenplanermaxdomeyirumagoogle ?bersetztegoogle ?bersetzteryoutubeRichard Cla[...] 
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "inboxace@mindspark.com"); [ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="); -\\ Google Chrome v43.0.2357.124 [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=ES&userid=75a24c15-c0a1-4ad5-8f97-6b6c0d8a2a90&sp=caddr&q={searchTerms}&t=a1211 [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=463AC446198F75DA [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms} [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1434136452&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms} [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb [C:\Users\******* *******\AppData\Local\Google\Chrome\User 
Data\Default\Preferences] - Gelöscht [Extension] : gnbcopcndefcccgdofjadnafjljgofam [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://www.searchnu.com/410 [C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Startup_URLs] : hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188 ************************* AdwCleaner[R0].txt - [16238 Bytes] - [13/06/2015 18:23:24] AdwCleaner[S0].txt - [15880 Bytes] - [13/06/2015 18:27:28] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15940 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Home Premium x64
Ran by ******* ******* on 13.06.2015 at 18:44:06,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\firefox.cfg

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Users\******* *******\appdata\local\com

~~~ FireFox

~~~ Chrome

[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[ booedmolknjekdopkepjjeckmjkdpfgl, fjoijdanhaiflhibkljeklcghcmmfffh, flpcjncodpafbgdpnkljologafpionhb, gnbcopcndefcccgdofjadnafjljgofam ]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2015 at 18:49:42,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
13.06.2015, 18:03 | #10 |
| Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ******* ******* (administrator) on LAPTOP******* on 13-06-2015 18:59:57
Running from C:\Users\******* *******\Downloads
Loaded Profiles: ******* ******* (Available Profiles: ******* *******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03]
ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20]
FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20]
FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20]
FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.searchnu.com/410"
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188"
CHR NewTab: Default -> "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\Users\******* *******\Downloads\FRST-OlderVersion
2015-06-13 18:44 - 2015-06-13 18:44 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP*******-Windows-7-Home-Premium-(64-bit).dat
2015-06-13 18:44 - 2015-06-13 18:44 - 00000000 ____D C:\RegBackup
2015-06-13 18:22 - 2015-06-13 18:27 - 00000000 ____D C:\AdwCleaner
2015-06-13 16:52 - 2015-06-13 16:52 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-13 16:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 16:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 16:50 - 2015-06-13 16:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\******* *******\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-12 21:33 - 2015-06-13 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 21:24 - 2015-06-12 21:24 - 00035152 _____ C:\ComboFix.txt
2015-06-12 20:54 - 2015-06-12 21:24 - 00000000 ____D C:\Qoobox
2015-06-12 20:54 - 2015-06-12 21:20 - 00000000 ____D C:\windows\erdnt
2015-06-12 20:54 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-12 20:54 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-12 20:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\Users\******* *******\AppData\Local\GWX
2015-06-10 22:42 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 22:42 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 22:41 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:41 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 22:41 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 22:41 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 22:41 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 -
2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:11 - 
00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-06-10 22:41 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2015-06-10 22:41 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe 2015-06-10 22:41 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-06-10 22:41 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe 2015-06-10 22:41 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe 2015-06-10 22:41 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2015-06-10 22:41 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe 2015-06-10 22:41 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2015-06-10 22:41 - 2015-05-25 19:59 - 00096768 
_____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-06-10 22:41 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2015-06-10 22:41 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-06-10 22:41 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 
00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2015-06-10 22:41 - 2015-05-25 18:50 - 00002048 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\user.exe 2015-06-10 22:41 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 22:41 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-06-10 22:36 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2015-06-10 22:36 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-06-10 22:36 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-06-10 22:36 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2015-06-10 22:36 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2015-06-10 22:36 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2015-06-10 22:36 - 
2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2015-06-10 22:36 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2015-06-10 22:36 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2015-06-10 22:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-06-10 22:35 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2015-06-10 22:35 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2015-06-10 22:35 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys 2015-06-10 22:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-06-10 22:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-06-10 22:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-06-10 22:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-06-10 22:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-06-10 22:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-06-10 22:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-06-10 22:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-06-10 22:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-06-10 22:27 - 2015-05-23 05:13 - 00064000 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-06-10 22:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-06-10 22:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-06-10 22:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-06-10 22:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-06-10 22:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-06-10 22:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-06-10 22:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-06-10 22:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-06-10 22:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 22:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-06-10 22:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-06-10 22:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-06-10 22:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-06-10 22:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-06-10 22:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-06-10 22:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-06-10 22:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-06-10 22:27 - 2015-05-23 04:20 - 01950720 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-06-10 22:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-06-10 22:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-06-10 22:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-06-10 22:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-06-10 22:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-06-10 22:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-06-10 22:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-06-10 22:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-06-10 22:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-06-10 22:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-06-10 22:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-06-10 22:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-06-10 22:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-06-10 22:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-06-10 22:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-06-10 22:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-06-10 22:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-06-10 22:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft 
Corporation) C:\windows\system32\ieetwcollector.exe 2015-06-10 22:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-06-10 22:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-06-10 22:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 22:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-06-10 22:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-06-10 22:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-06-10 22:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-06-10 22:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-06-10 22:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-06-10 22:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-06-10 22:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-06-10 22:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-06-10 22:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-06-10 22:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-06-10 20:59 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-10 20:59 - 2015-06-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-10 20:58 - 2015-06-13 18:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-10 20:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes 
Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-06-08 23:00 - 2015-06-08 23:00 - 770331069 _____ C:\windows\MEMORY.DMP 2015-06-08 23:00 - 2015-06-08 23:00 - 00532192 _____ C:\windows\Minidump\060815-20389-01.dmp 2015-06-08 22:00 - 2015-06-08 22:00 - 00380416 _____ C:\Users\******* *******\Downloads\Gmer-19357.exe 2015-06-08 21:56 - 2015-06-08 21:59 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt 2015-06-08 21:54 - 2015-06-13 19:00 - 00000000 ____D C:\FRST 2015-06-08 21:54 - 2015-06-13 18:59 - 00029550 _____ C:\Users\******* *******\Downloads\FRST.txt 2015-06-08 21:53 - 2015-06-13 18:59 - 02109952 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe 2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable 2015-06-04 16:41 - 2015-06-09 18:27 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps 2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8 2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures 2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) 
C:\windows\system32\InkEd.dll 2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll 2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll 2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll 2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll 2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe 2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-13 18:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-13 18:45 - 2010-08-17 09:59 - 01864346 _____ C:\windows\WindowsUpdate.log 2015-06-13 18:41 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-13 18:41 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-13 18:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-13 18:33 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox 2015-06-13 18:33 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox 2015-06-13 18:32 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype 2015-06-13 18:29 - 2014-12-15 22:49 - 00007455 _____ C:\windows\setupact.log 2015-06-13 18:29 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-13 18:28 - 2014-12-15 22:48 - 00131908 _____ C:\windows\PFRO.log 2015-06-13 18:07 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-13 18:06 - 2010-08-17 11:02 - 00000000 ____D C:\windows\PCHEALTH 2015-06-13 16:49 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition 2015-06-12 21:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-12 21:14 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2015-06-12 21:12 - 2009-07-14 04:34 - 67108864 _____ C:\windows\system32\config\components.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 23592960 _____ C:\windows\system32\config\SYSTEM.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 106692608 _____ C:\windows\system32\config\SOFTWARE.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 00061440 _____ C:\windows\system32\config\SAM.bak 
2015-06-12 21:12 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak 2015-06-12 02:06 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe 2015-06-11 20:48 - 2015-01-26 21:46 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieBrowserModeList 2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieUserList 2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieSiteList 2015-06-11 20:37 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system 2015-06-11 08:59 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD 2015-06-11 04:44 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-06-11 04:00 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat 2015-06-11 04:00 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat 2015-06-11 04:00 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-11 03:54 - 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-11 03:51 - 2014-12-10 19:53 - 00000000 ____D C:\windows\system32\appraiser 2015-06-11 03:51 - 2014-05-11 21:12 - 00000000 ___SD C:\windows\system32\CompatTel 2015-06-11 03:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2015-06-11 03:44 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien 2015-06-11 03:30 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 03:23 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT 2015-06-11 03:05 - 2011-08-21 11:56 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-11 03:02 - 2009-07-14 04:34 - 00000510 _____ C:\windows\win.ini 2015-06-10 20:52 - 2011-07-16 16:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Apple Computer 2015-06-10 20:51 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* 
*******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod 2015-06-09 23:39 - 2013-05-22 21:08 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-06-09 23:39 - 2013-05-22 21:08 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 23:39 - 2013-05-22 21:08 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-06-08 23:00 - 2012-07-30 11:56 - 00000000 ____D C:\windows\Minidump 2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* ******* 2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX 2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ 
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job ==================== Files in the root of some directories ======= 2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll 2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll 2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest 2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll 2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll 2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2013-08-02 18:48 - 2015-04-27 20:13 - 0000132 _____ () 
C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload 2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd 2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel 2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml Some files in TEMP: ==================== C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bx_bd.dll C:\Users\******* *******\AppData\Local\Temp\d_8-vj54.dll C:\Users\******* *******\AppData\Local\Temp\Quarantine.exe C:\Users\******* *******\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-05 07:14
==================== End of log ============================

Kind regards and many thanks |
14.06.2015, 15:39 | #11 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.06.2015, 07:53 | #12 |
| Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=6024ac5024f4394fa53f50f7edbf23dd # end=init # utc_time=2015-06-14 06:29:05 # local_time=2015-06-14 08:29:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24323 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=6024ac5024f4394fa53f50f7edbf23dd # end=updated # utc_time=2015-06-14 06:37:10 # local_time=2015-06-14 08:37:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=6024ac5024f4394fa53f50f7edbf23dd # engine=24323 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-14 11:10:32 # local_time=2015-06-15 01:10:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 959317 105617054 0 0 # scanned=447586 # found=3 # cleaned=0 # scan_time=16401 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir"
sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\protegere.exe.vir"

The rest will follow |
15.06.2015, 18:30 | #13 |
/// the machine /// TB-Ausbilder | I'll wait for the rest then
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.06.2015, 19:49 | #14 |
| Code:
ATTFilter Results of screen317's Security Check version 1.002 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (2.0.0.4003) TuneUp Utilities TuneUp Utilities Language Pack (de-DE) TuneUp Utilities Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 17.0.0.188 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (38.0.5) Google Chrome (43.0.2357.124) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by ******* ******* (administrator) on LAPTOP******* on 15-06-2015 20:41:12 Running from C:\Users\******* *******\Downloads Loaded Profiles: ******* ******* (Available Profiles: ******* *******) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe () C:\Users\******* *******\Videos\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.) 
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03] ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13] ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03] ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\.DEFAULT -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.) BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.) 
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.) DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: 
WSISVCUchrome - {78A543EB-3A61-4ED3 - No File Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1 Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "ftp", "194.110.219.43" FF NetworkProxy: "ftp_port", 3129 FF NetworkProxy: "gopher", "194.110.219.43" FF NetworkProxy: "gopher_port", 3129 FF NetworkProxy: "http", "194.110.219.43" FF NetworkProxy: "http_port", 3129 FF NetworkProxy: "socks", "194.110.219.43" FF NetworkProxy: "socks_port", 3129 FF NetworkProxy: "ssl", "194.110.219.43" FF NetworkProxy: "ssl_port", 3129 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems) FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( ) FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20] FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20] FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20] FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16] FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31] FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04] Chrome: ======= CHR RestoreOnStartup: Default 
-> "hxxp://www.searchnu.com/410" CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188" CHR NewTab: Default -> "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08] CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08] CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 20:27 - 2015-06-14 20:27 - 02870984 _____ (ESET) C:\Users\******* *******\Downloads\esetsmartinstaller_deu.exe
2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\Users\******* *******\Downloads\FRST-OlderVersion
2015-06-13 18:44 - 2015-06-13 18:44 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP*******-Windows-7-Home-Premium-(64-bit).dat
2015-06-13 18:44 - 2015-06-13 18:44 - 00000000 ____D C:\RegBackup
2015-06-13 18:22 - 2015-06-13 18:27 - 00000000 ____D C:\AdwCleaner
2015-06-13 16:52 - 2015-06-13 16:52 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-13 16:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 16:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 16:50 - 2015-06-13 16:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\******* *******\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-12 21:33 - 2015-06-13 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 21:24 - 2015-06-12 21:24 - 00035152 _____ C:\ComboFix.txt
2015-06-12 20:54 - 2015-06-12 21:24 - 00000000 ____D C:\Qoobox
2015-06-12 20:54 - 2015-06-12 21:20 - 00000000 ____D C:\windows\erdnt
2015-06-12 20:54 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-12 20:54 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-12 20:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\Users\******* *******\AppData\Local\GWX
2015-06-10 22:42 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 22:42 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 22:41 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:41 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 22:41 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 22:41 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 22:41 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 22:41 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 22:41 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 22:41 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 22:36 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 22:36 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 22:36 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 22:36 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 22:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 22:35 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 22:35 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 22:35 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-10 22:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 22:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 22:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 22:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 22:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 22:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 22:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 22:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 22:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 22:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 22:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 22:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 22:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 22:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 22:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 22:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 22:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 22:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 22:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 22:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 22:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 22:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 22:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 22:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 22:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 22:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 22:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 22:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 22:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 22:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 22:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 22:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 22:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 22:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 22:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 22:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 22:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 22:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 20:59 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 20:59 - 2015-06-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-10 20:58 - 2015-06-13 18:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 20:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-08 23:00 - 2015-06-08 23:00 - 770331069 _____ C:\windows\MEMORY.DMP
2015-06-08 23:00 - 2015-06-08 23:00 - 00532192 _____ C:\windows\Minidump\060815-20389-01.dmp
2015-06-08 22:00 - 2015-06-08 22:00 - 00380416 _____ C:\Users\******* *******\Downloads\Gmer-19357.exe
2015-06-08 21:56 - 2015-06-08 21:59 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt
2015-06-08 21:54 - 2015-06-15 20:41 - 00030534 _____ C:\Users\******* *******\Downloads\FRST.txt
2015-06-08 21:54 - 2015-06-15 20:41 - 00000000 ____D C:\FRST
2015-06-08 21:53 - 2015-06-13 18:59 - 02109952 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe
2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable
2015-06-04 16:41 - 2015-06-09 18:27 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps
2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8
2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 20:42 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype 2015-06-15 20:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-15 20:19 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-15 20:19 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-15 19:53 - 2010-08-17 09:59 - 02030021 _____ C:\windows\WindowsUpdate.log 2015-06-15 19:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-15 11:52 - 2014-06-01 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2015-06-15 02:00 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe 2015-06-13 19:33 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien 2015-06-13 19:26 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* *******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod 2015-06-13 18:33 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox 2015-06-13 18:33 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox 2015-06-13 18:29 - 2014-12-15 22:49 - 00007455 _____ C:\windows\setupact.log 2015-06-13 18:29 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-13 18:28 - 2014-12-15 22:48 - 00131908 _____ C:\windows\PFRO.log 2015-06-13 18:07 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-13 18:07 - 2010-08-17 11:02 - 00000000 ____D C:\windows\PCHEALTH 2015-06-13 16:49 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition 2015-06-12 21:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-12 21:14 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 
2015-06-12 21:12 - 2009-07-14 04:34 - 67108864 _____ C:\windows\system32\config\components.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 23592960 _____ C:\windows\system32\config\SYSTEM.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 106692608 _____ C:\windows\system32\config\SOFTWARE.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 00061440 _____ C:\windows\system32\config\SAM.bak 2015-06-12 21:12 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak 2015-06-11 20:48 - 2015-01-26 21:46 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieBrowserModeList 2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieUserList 2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieSiteList 2015-06-11 20:37 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system 2015-06-11 08:59 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD 2015-06-11 04:44 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-06-11 04:00 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat 2015-06-11 04:00 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat 2015-06-11 04:00 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-11 03:54 - 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-11 03:51 - 2014-12-10 19:53 - 00000000 ____D C:\windows\system32\appraiser 2015-06-11 03:51 - 2014-05-11 21:12 - 00000000 ___SD C:\windows\system32\CompatTel 2015-06-11 03:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2015-06-11 03:30 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 03:23 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT 2015-06-11 03:05 - 2011-08-21 11:56 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-11 03:02 - 2009-07-14 
04:34 - 00000510 _____ C:\windows\win.ini 2015-06-10 20:52 - 2011-07-16 16:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Apple Computer 2015-06-09 23:39 - 2013-05-22 21:08 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-06-09 23:39 - 2013-05-22 21:08 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 23:39 - 2013-05-22 21:08 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-06-08 23:00 - 2012-07-30 11:56 - 00000000 ____D C:\windows\Minidump 2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* ******* 2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX 2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job ==================== Files in the root of some directories ======= 2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll 2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll 2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest 2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll 2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll 2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2013-08-02 
18:48 - 2015-04-27 20:13 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload 2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd 2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel 2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml Some files in TEMP: ==================== C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bx_bd.dll C:\Users\******* *******\AppData\Local\Temp\d_8-vj54.dll C:\Users\******* *******\AppData\Local\Temp\Quarantine.exe C:\Users\******* *******\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-14 13:44
==================== End of log ============================
Kind regards and thank you |
16.06.2015, 16:03 | #15 |
/// the machine /// TB-Ausbilder | Windows 7: how can I completely remove the DHL trojan
Update Java and Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order is crucial here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Protection: Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, following the whitelist principle, you can define on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, it is advisable first to uninstall it and then remove the remnants with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
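Added example (not part of the original post and not FRST's own code): the fixlist in the post above removes Firefox proxy preferences, and this script reads a profile's prefs.js to report which proxy endpoints are stored and whether Firefox is actually using them. It assumes that FRST's `FF NetworkProxy` lines correspond to `network.proxy.*` entries in prefs.js; the sample file is constructed from the values shown in the fixlist.

```python
import re

# Matches prefs.js lines such as: user_pref("network.proxy.http", "192.0.2.1");
PREF_RE = re.compile(r'^\s*user_pref\("network\.proxy\.([\w.]+)",\s*(.+?)\);\s*$')

# Meanings of Firefox's network.proxy.type values
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}

def parse_proxy_prefs(text):
    """Return {short_name: value} for every network.proxy.* user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # string preference
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean preference
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)           # integer preference
        else:
            prefs[name] = raw
    return prefs

def audit(text):
    """Summarise proxy mode, stored host:port endpoints, and whether they are in use."""
    prefs = parse_proxy_prefs(text)
    ptype = prefs.get("type")  # absent: the profile uses Firefox's built-in default
    endpoints = {k: f"{v}:{prefs[k + '_port']}"
                 for k, v in prefs.items()
                 if isinstance(v, str) and v and f"{k}_port" in prefs}
    manual_active = ptype == 1 and bool(endpoints)
    mode = "profile default" if ptype is None else PROXY_TYPES.get(ptype, f"unknown ({ptype})")
    return {"mode": mode, "endpoints": endpoints, "manual_active": manual_active,
            # Endpoints that are stored but unused: leftovers worth cleaning up
            "stale": bool(endpoints) and not manual_active}

# Constructed prefs.js content mirroring the fixlist entries from the post above
_PROTOS = ("ftp", "gopher", "http", "socks", "ssl")
SAMPLE_PREFS = "\n".join(
    [f'user_pref("network.proxy.{p}", "194.110.219.43");' for p in _PROTOS]
    + [f'user_pref("network.proxy.{p}_port", 3129);' for p in _PROTOS]
    + ['user_pref("network.proxy.type", 0);',
       'user_pref("browser.startup.homepage", "about:home");'])

if __name__ == "__main__":
    report = audit(SAMPLE_PREFS)
    print(report["mode"], "| manual proxy in use:", report["manual_active"])
    for proto, endpoint in sorted(report["endpoints"].items()):
        print(f"  {proto:7s} {endpoint}")
```

With `type` set to 0 the stored hosts are leftovers rather than an active redirect; the same entries with `type` 1 would route the browser's traffic through that host.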