| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unbekanntes Problem mit meinem Acer LaptopWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.06.2015, 12:09
| #1 |
 |  Unbekanntes Problem mit meinem Acer Laptop Hallo Leute, seit einiger Zeit merke ich das mein Laptop signifikant langsamer geworden ist, dies macht sich dadurch bemerkbar das es ewig dauert bis bestimmte Icons sich öffnen oder wenn man etwas bei Word schreibt es mehrere Sekunden bis der Eingegebene Text auftaucht. Da ich keine Ahnung habe wie ich so ein Problem beseitigen könnte würde ich euch gerne um Hilfe bitten. Mit freundlichen Grüßen d.rahim |
|
18.06.2015, 13:20
| #2 |
| /// the machine /// TB-Ausbilder    | Unbekanntes Problem mit meinem Acer Laptop hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
24.06.2015, 13:41
| #3 |
| | Unbekanntes Problem mit meinem Acer Laptop Hier der FRST.txt.
__________________# FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Ghafar Rahim (administrator) on GHAFARRAHIM-PC on 24-06-2015 14:36:34
Running from C:\Users\Ghafar Rahim\Downloads
Loaded Profiles: Ghafar Rahim (Available Profiles: Ghafar Rahim & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\Ip8n1qW.bat [ ] () <=== ATTENTION
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Run: [Google Update] => C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Run: [Spotify Web Helper] => C:\Users\Ghafar Rahim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
Startup: C:\Users\Ghafar Rahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mioplanet Battery Meter.lnk [2011-04-08]
ShortcutTarget: Mioplanet Battery Meter.lnk -> C:\Program Files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-326697408-1932606760-2851138926-1001] => 192.168.0.56:8080
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ie
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKU\S-1-5-21-326697408-1932606760-2851138926-1001 -> DefaultScope {B432BD4E-4D98-43AE-81CC-2586D57FC89E} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-326697408-1932606760-2851138926-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-326697408-1932606760-2851138926-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKU\S-1-5-21-326697408-1932606760-2851138926-1001 -> {B432BD4E-4D98-43AE-81CC-2586D57FC89E} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-23] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-10-09] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-10-09] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 134.76.10.46 134.76.33.21
FireFox:
========
FF ProfilePath: C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "192.168.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "192.168.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "192.168.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "192.168.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "192.168.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-01-24] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ghafar Rahim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ghafar Rahim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\user.js [2013-05-06]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-03-08] (Apple Inc.)
FF SearchPlugin: C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\searchplugins\conduit.xml [2011-08-31]
FF SearchPlugin: C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\searchplugins\yahoo_ff.xml [2014-10-14]
FF Extension: YouTube mp3 - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\info@youtube-mp3.org.xpi [2012-07-20]
FF Extension: Youtube To MP3 PRO converter - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2012-08-13]
FF Extension: YouTube to MP3 - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-07-20]
FF Extension: Adblock Plus - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-24]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ghafar Rahim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX HiQ) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-09-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-09-10]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\GHAFAR~1\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
StartMenuInternet: Google Chrome.WAKFTUGJO4SASLO4I5UDNVQHUQ - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2013-05-06] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2013-12-12] (QUALCOMM Incorporated)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-24 14:36 - 2015-06-24 14:37 - 00027726 _____ C:\Users\Ghafar Rahim\Downloads\FRST.txt
2015-06-24 14:36 - 2015-06-24 14:36 - 02109952 _____ (Farbar) C:\Users\Ghafar Rahim\Downloads\FRST64.exe
2015-06-24 14:36 - 2015-06-24 14:36 - 00000000 ____D C:\FRST
2015-06-24 14:35 - 2015-06-24 14:35 - 01148928 _____ (Farbar) C:\Users\Ghafar Rahim\Downloads\FRST.exe
2015-06-24 11:27 - 2015-06-24 11:27 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-18 13:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-18 13:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-18 13:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-18 13:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-18 13:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-18 13:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-18 13:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-18 13:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-18 13:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-18 13:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-18 13:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-18 13:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-18 13:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-18 13:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-18 13:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-18 13:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-18 13:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-18 13:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-18 13:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-18 13:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-18 13:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-18 13:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-18 13:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-18 13:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-18 13:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-18 13:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-18 13:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-18 13:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-18 13:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-18 13:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-18 13:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-18 13:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-18 13:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-18 13:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-18 13:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-18 13:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-18 13:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-18 13:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-18 13:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-18 13:33 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-18 13:33 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-18 13:33 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-18 13:33 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-18 13:33 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-18 13:33 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-18 13:33 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-18 13:33 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-18 13:33 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-18 13:33 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-18 13:33 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-18 13:33 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-18 13:33 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-18 13:33 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-18 13:33 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-18 13:33 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-18 13:33 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-18 13:33 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-18 13:33 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-18 13:33 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-18 13:33 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-18 13:33 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-18 13:33 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-18 13:33 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-18 13:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-18 13:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-18 13:33 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-18 13:33 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-18 13:33 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-18 13:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-18 13:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-18 13:33 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-18 13:33 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-18 13:33 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-18 13:32 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-18 13:32 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-18 13:32 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-18 13:32 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-18 13:32 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-18 13:32 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-18 13:32 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-18 13:32 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-18 13:32 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-18 13:32 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-18 13:32 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-18 13:32 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-18 13:32 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-18 13:32 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-18 13:32 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-18 13:32 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-18 12:59 - 2015-06-18 12:59 - 00000000 ___SD C:\ComboFix
2015-06-04 03:49 - 2015-06-24 14:21 - 00011882 _____ C:\Windows\PFRO.log
2015-06-02 17:56 - 2015-06-04 03:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 09:03 - 2015-06-06 02:36 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\!!
2015-05-29 09:03 - 2015-05-11 23:34 - 00156982 _____ C:\Users\Ghafar Rahim\Desktop\7 MCQs on micro-economics(1).pptx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-24 14:36 - 2011-10-03 22:24 - 00001166 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
2015-06-24 14:30 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 14:30 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 14:28 - 2013-05-06 12:45 - 01852122 _____ C:\Windows\WindowsUpdate.log
2015-06-24 14:28 - 2012-08-28 19:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 14:24 - 2012-05-26 00:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 14:22 - 2015-05-21 08:14 - 00010068 _____ C:\Windows\setupact.log
2015-06-24 14:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 11:27 - 2012-08-28 19:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 11:27 - 2012-08-28 19:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 11:27 - 2011-11-06 11:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 10:57 - 2012-09-09 23:59 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
2015-06-24 10:57 - 2012-09-09 23:59 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
2015-06-24 10:10 - 2011-03-07 12:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 10:06 - 2015-03-23 03:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 23:43 - 2011-10-03 22:24 - 00001144 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
2015-06-20 17:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-20 12:15 - 2010-11-17 20:35 - 00710768 _____ C:\Windows\system32\perfh007.dat
2015-06-20 12:15 - 2010-11-17 20:35 - 00155066 _____ C:\Windows\system32\perfc007.dat
2015-06-20 12:15 - 2009-07-14 07:13 - 01651648 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-19 17:51 - 2009-07-14 06:45 - 00465824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-19 17:49 - 2014-12-12 13:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-19 17:49 - 2014-05-06 11:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-19 17:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-19 17:07 - 2013-08-14 14:11 - 00000000 ____D C:\Windows\system32\MRT
2015-06-19 17:00 - 2013-07-05 13:38 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-19 16:58 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-06-18 12:59 - 2013-05-06 12:38 - 00000000 ____D C:\Qoobox
2015-06-05 07:20 - 2015-05-20 09:52 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\BU1003 Economics for Sustainable Business
2015-06-04 03:49 - 2012-06-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 04:12 - 2013-10-24 16:06 - 00001085 _____ C:\Windows\wininit.ini
2015-06-02 06:46 - 2013-12-21 17:36 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Roaming\Spotify
2015-06-02 06:27 - 2013-12-21 17:37 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Local\Spotify
2015-06-01 04:29 - 2015-05-20 09:52 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\BX2014 Financial Management
2015-05-31 12:43 - 2013-07-07 15:13 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\_
2015-05-29 03:35 - 2011-02-21 21:49 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Local\Adobe
==================== Files in the root of some directories =======
2013-07-14 17:39 - 2013-07-14 17:39 - 0000004 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\cache.ini
2013-06-26 01:02 - 2013-06-26 01:02 - 0000101 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\mbam.context.scan
2013-05-06 11:34 - 2013-05-06 11:36 - 0007168 ___SH () C:\Users\Ghafar Rahim\AppData\Roaming\Thumbs.db
2011-10-12 21:53 - 2011-10-12 21:53 - 0030236 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\UserTile.png
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Ghafar Rahim\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Ghafar Rahim\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Ghafar Rahim\AppData\Local\CDRip.dll
2013-05-13 00:09 - 2013-05-13 00:09 - 0000100 _____ () C:\Users\Ghafar Rahim\AppData\Local\fusioncache.dat
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Ghafar Rahim\AppData\Local\No23 Recorder.exe
2011-12-11 23:31 - 2012-07-24 17:46 - 0001474 _____ () C:\Users\Ghafar Rahim\AppData\Local\RecConfig.xml
2013-01-25 01:42 - 2013-01-25 01:42 - 0003269 _____ () C:\ProgramData\Ip8n1qW.js
2013-01-25 01:42 - 2013-01-25 01:42 - 0000153 _____ () C:\ProgramData\Ip8n1qW.reg
2013-01-28 19:43 - 2013-01-28 19:43 - 0000082 _____ () C:\ProgramData\RgrcJvf.bat
2013-01-28 19:43 - 2013-01-28 19:43 - 0003270 _____ () C:\ProgramData\RgrcJvf.js
2013-01-28 19:43 - 2013-01-28 19:43 - 0000153 _____ () C:\ProgramData\RgrcJvf.reg
Files to move or delete:
====================
C:\ProgramData\Ip8n1qW.js
C:\ProgramData\Ip8n1qW.reg
C:\ProgramData\RgrcJvf.bat
C:\ProgramData\RgrcJvf.js
C:\ProgramData\RgrcJvf.reg
C:\Users\Ghafar Rahim\AppData\Roaming\cache.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-18 13:52
==================== End of log ============================
und Addition #FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Ghafar Rahim at 2015-06-24 14:38:05
Running from C:\Users\Ghafar Rahim\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-326697408-1932606760-2851138926-500 - Administrator - Disabled)
ASPNET (S-1-5-21-326697408-1932606760-2851138926-1004 - Limited - Enabled)
Gast (S-1-5-21-326697408-1932606760-2851138926-501 - Limited - Disabled) => C:\Users\Gast
Ghafar Rahim (S-1-5-21-326697408-1932606760-2851138926-1001 - Administrator - Enabled) => C:\Users\Ghafar Rahim
HomeGroupUser$ (S-1-5-21-326697408-1932606760-2851138926-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0825.2205.37769 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
ColorPicker Version 2.5 (HKLM-x32\...\{2A999A57-4530-41AC-AF6B-E5B7A28BA357}_is1) (Version: 2.5 - Cronoxyd.de)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.24.3 - Electronic Arts)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.0.6 - DivX, LLC)
Dropbox (HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät (HKLM\...\{6C71F039-AD9F-496E-985E-0A6DC3A41717}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Hilfe (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lexmark 3500-4500 Series (HKLM-x32\...\Lexmark 3500-4500 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mioplanet Battery Meter (HKLM-x32\...\Mioplanet Battery Meter) (Version: - )
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyTomTom 3.2.0.802 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.802 - TomTom)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Unity Web Player (HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xradio 0.5.1 (HKLM-x32\...\{xradio@xradio.org}_is1) (Version: - Xradio)
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-326697408-1932606760-2851138926-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
18-06-2015 12:50:24 Windows Update
19-06-2015 16:55:52 Windows Update
24-06-2015 09:52:57 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-05-06 13:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {003C3726-1EE7-42FD-8636-907DB48985E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0AAFDD20-6056-4BAB-AAB0-6C4516865B97} - System32\Tasks\{768EBFB9-02E1-4A2F-B627-7F9C10AC5F8D} => C:\Users\Ghafar Rahim\Desktop\Counter-Strike HALF LIVE\hl.exe
Task: {1C7290FB-5455-4643-B263-34BE28576B9B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {1FC9E2DA-881E-42A1-8993-E6FA1945BAD5} - System32\Tasks\{1A9E282A-0B1C-442A-972D-F92A3C99C02B} => C:\Users\Ghafar Rahim\Desktop\Counter-Strike HALF LIVE\hl.exe
Task: {2B65D024-88C4-45D6-9CFE-39ECF177A535} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA => C:\Users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {364DE096-2E54-4F61-A757-3185D6CB7883} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {369C5D57-F9DE-422D-806A-8A35F2749972} - \SidebarExecute No Task File <==== ATTENTION
Task: {3B6F8CF1-4978-4BA1-841E-F70FC9DC8295} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4039F04D-76A3-4EE4-B72A-C50D32A49448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {41B5CA5A-C26B-4BAC-9ABF-12E8A53ACE21} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {421A1491-95C6-41D4-81A7-6C855FDD2F18} - System32\Tasks\{013C0782-EB4F-48E6-A164-C26F9783041C} => C:\Users\Ghafar Rahim\Desktop\Counter-Strike HALF LIVE\hl.exe
Task: {62B23F6C-70AB-4C44-BCD7-E72D59B9F031} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {653B8F9D-3076-4B95-8388-C03DAFB0A5B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {6A79D65E-F4EE-4405-AB92-ABD3B62673D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {6AB6DA94-61F9-4DFF-8228-1A1B430B2FC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-26] (Google Inc.)
Task: {733C5874-1C8D-4CA8-8E44-6D7A6916081F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {908A5329-F3BE-4820-A3D2-E3A212B320E9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core => C:\Users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {9D338F4C-32FF-4A3F-B7C8-561DFC538D7C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A33E0800-2C1C-4B04-BB12-A3691637E9CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-26] (Google Inc.)
Task: {A5A2B0BF-12B0-4617-8EE1-8A840D2ED8E8} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-11] (Microsoft Corporation)
Task: {AD13274F-8318-47EF-8688-782170637488} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {B66FDB8D-13BD-4BEE-870A-1F05F222E4C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CEA13092-C2B1-419A-B451-30BC7902CAEC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D5971B6F-AE0E-4FB8-877A-5DB4A9D229AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F24D7771-06BB-4969-B342-BEF272B2A9BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F8163D45-B7AC-4823-B950-A0C38E9F78B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core => C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {FCD6B807-0847-4EC3-BF80-9937A45ECE08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF6E8E28-7AD3-4BA3-A35E-2DD6CDA9294C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA => C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {FF9EEA58-3DE6-4AD0-8E2E-DAAE3680DDC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job => C:\Users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job => C:\Users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job => C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job => C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-23 03:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-10 21:00 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2015-03-23 03:25 - 2015-03-23 03:25 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-04-03 10:24 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2011-04-08 22:51 - 2011-04-08 22:51 - 00405511 _____ () C:\Program Files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.exe
2010-08-26 16:45 - 2010-08-26 16:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 23:04 - 2010-08-25 23:04 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-04-03 10:24 - 2007-03-04 10:48 - 00106496 _____ () C:\Program Files (x86)\RocketDock\Docklets\RocketClock\RocketClock.dll
2011-04-03 10:24 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-10-17 09:35 - 2014-10-17 09:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-08-30 11:03 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-03-23 03:23 - 2015-03-23 03:25 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-06-24 11:27 - 2015-06-24 11:27 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ghafar Rahim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 134.76.10.46 - 134.76.33.21
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupfolder: C:^Users^Ghafar Rahim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aejolc7.lnk => C:\Windows\pss\aejolc7.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ghafar Rahim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ghafar Rahim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ghafar Rahim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk => C:\Windows\pss\runctf.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Elupyduble => "C:\Users\Ghafar Rahim\AppData\Roaming\Arexa\paaz.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{812FE1D0-4972-4EFC-8CF1-0FC96E2AAA30}C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x1.exe] => (Block) C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{018BC7F8-7EAB-4496-87AE-89046307DFA7}C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x1.exe] => (Block) C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{93934B05-6AB8-420E-8549-139AEE7B8C47}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C4F03213-7ED2-4910-BAA8-5CDE349FF111}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{44203207-492B-41AD-B595-88B27F0B25AD}C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x2.exe] => (Allow) C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{2F2294DA-4265-4E8C-8166-060B3AD3A451}C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x2.exe] => (Allow) C:\desktop\spiele\age of empires ii - the conquerors\age2_x1\age2_x2.exe
FirewallRules: [{105B4824-4A42-411A-9445-6FA2DC09E46B}] => (Allow) C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5F471DCA-69DF-482D-8F5B-970890C3AF1A}] => (Allow) C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{315A90A2-EF6F-4FE5-B004-F18F8B75CA99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D6EF273E-8A75-408C-9210-AD7865E02DFE}] => (Allow) C:\Users\Ghafar Rahim\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9FC93BBD-5958-4DCD-92F1-7EA0657B74D4}] => (Allow) C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{16C450D4-E5F0-49E8-A30C-8113384AA4E9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{47E8277A-B34D-4D5B-B417-217EDF36C855}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82F25215-5A1B-4B6B-99DA-BC16F5621CC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03186DE4-6182-4AA1-BF8A-253602CFB893}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CE08D2D6-C565-467E-BE09-3CE0665B85C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2DC5FD7F-53E3-4E41-B57B-63FC3EF318AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F27B9560-26C5-4B5F-915B-EEBE6B9FB1EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{08B60351-FA6E-4969-938D-B6A7DB3C3F21}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/24/2015 02:32:25 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (06/24/2015 02:32:25 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {6121F666-C128-43A1-9650-94ED6E6EB93A}
Error: (06/24/2015 10:09:18 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418219
Error: (06/01/2015 10:18:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x11c4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/28/2015 04:36:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/28/2015 04:36:22 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {CB4736A1-7D7F-4FB9-8029-A1DE4DC962E3}
Error: (05/26/2015 10:50:24 AM) (Source: Google Update) (EventID: 20) (User: GhafarRahim-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (05/26/2015 05:37:05 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12BC0AA8-263E-48B7-BBEC-08955D22CB35}
Error: (05/26/2015 05:37:05 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12BC0AA8-263E-48B7-BBEC-08955D22CB35}
Error: (05/26/2015 05:36:12 AM) (Source: Google Update) (EventID: 20) (User: GhafarRahim-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
System errors:
=============
Error: (06/24/2015 02:23:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (06/24/2015 02:23:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/24/2015 09:44:07 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (06/24/2015 09:44:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/22/2015 10:12:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (06/22/2015 10:11:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/21/2015 11:20:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (06/21/2015 11:20:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/20/2015 03:09:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (06/20/2015 03:09:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Microsoft Office:
=========================
Error: (06/24/2015 02:32:25 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (06/24/2015 02:32:25 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {6121F666-C128-43A1-9650-94ED6E6EB93A}
Error: (06/24/2015 10:09:18 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418219
Error: (06/01/2015 10:18:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa111c401d09c431888bc90C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld07895d5-0836-11e5-8f9e-1c7508325f42
Error: (05/28/2015 04:36:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/28/2015 04:36:22 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {CB4736A1-7D7F-4FB9-8029-A1DE4DC962E3}
Error: (05/26/2015 10:50:24 AM) (Source: Google Update) (EventID: 20) (User: GhafarRahim-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (05/26/2015 05:37:05 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12BC0AA8-263E-48B7-BBEC-08955D22CB35}
Error: (05/26/2015 05:37:05 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12BC0AA8-263E-48B7-BBEC-08955D22CB35}
Error: (05/26/2015 05:36:12 AM) (Source: Google Update) (EventID: 20) (User: GhafarRahim-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
CodeIntegrity Errors:
===================================
Date: 2013-07-15 11:42:18.975
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-07-15 11:42:18.815
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:43:53.154
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:43:53.076
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:43:53.014
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:43:52.936
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:03:23.612
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-06 13:03:23.518
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 53%
Total physical RAM: 2550.71 MB
Available physical RAM: 1193.37 MB
Total Pagefile: 5099.63 MB
Available Pagefile: 3149.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:133.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9B07C48C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- --- |
|
25.06.2015, 08:40
| #4 |
| /// the machine /// TB-Ausbilder | Unbekanntes Problem mit meinem Acer Laptop hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.07.2015, 15:33
| #5 |
| | Unbekanntes Problem mit meinem Acer Laptop #Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.07.01.02 rootkit: v2015.06.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Ghafar Rahim :: GHAFARRAHIM-PC [administrator] 01.07.2015 13:29:48 mbar-log-2015-07-01 (13-29-48).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 442200 Time elapsed: 59 minute(s), 59 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) # Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.07.01.02 rootkit: v2015.06.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Ghafar Rahim :: GHAFARRAHIM-PC [administrator] 01.07.2015 14:34:09 mbar-log-2015-07-01 (14-34-09).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 466046 Time elapsed: 58 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) # 16:30:52.0331 0x15a4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 16:30:58.0165 0x15a4 ============================================================ 16:30:58.0165 0x15a4 Current date / time: 2015/07/01 16:30:58.0165 16:30:58.0165 0x15a4 SystemInfo: 16:30:58.0165 0x15a4 16:30:58.0165 0x15a4 OS Version: 6.1.7601 ServicePack: 1.0 16:30:58.0165 0x15a4 Product type: Workstation 16:30:58.0165 0x15a4 ComputerName: GHAFARRAHIM-PC 16:30:58.0165 0x15a4 UserName: Ghafar Rahim 16:30:58.0165 0x15a4 Windows directory: C:\Windows 16:30:58.0165 0x15a4 System windows directory: C:\Windows 16:30:58.0165 0x15a4 Running under WOW64 16:30:58.0165 0x15a4 Processor architecture: Intel x64 16:30:58.0165 0x15a4 Number of processors: 4 16:30:58.0165 0x15a4 Page size: 0x1000 16:30:58.0165 0x15a4 Boot type: Normal boot 16:30:58.0165 0x15a4 ============================================================ 16:30:58.0352 0x15a4 KLMD registered as C:\Windows\system32\drivers\24510491.sys 16:30:58.0649 0x15a4 System UUID: {F54780FF-22E7-3AEB-EED1-9779BEA08641} 16:30:59.0039 0x15a4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:30:59.0054 0x15a4 ============================================================ 16:30:59.0054 0x15a4 \Device\Harddisk0\DR0: 16:30:59.0054 0x15a4 MBR partitions: 16:30:59.0054 0x15a4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 16:30:59.0054 0x15a4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000 16:30:59.0054 0x15a4 ============================================================ 16:30:59.0070 0x15a4 C: <-> \Device\Harddisk0\DR0\Partition2 16:30:59.0070 0x15a4 ============================================================ 16:30:59.0070 0x15a4 Initialize success 16:30:59.0070 0x15a4 ============================================================ 16:31:04.0265 0x15ec ============================================================ 16:31:04.0265 0x15ec Scan started 16:31:04.0265 0x15ec Mode: Manual; 16:31:04.0265 0x15ec ============================================================ 16:31:04.0265 0x15ec KSN ping started 16:31:17.0961 0x15ec KSN ping finished: true 16:31:19.0818 0x15ec ================ Scan system memory ======================== 16:31:19.0818 0x15ec System memory - ok 16:31:19.0818 0x15ec ================ Scan services ============================= 16:31:20.0036 0x15ec [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:31:20.0052 0x15ec 1394ohci - ok 16:31:20.0130 0x15ec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:31:20.0130 0x15ec ACPI - ok 16:31:20.0208 0x15ec [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:31:20.0208 0x15ec AcpiPmi - ok 16:31:20.0379 0x15ec [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:31:20.0379 0x15ec AdobeARMservice - ok 16:31:20.0551 0x15ec [ 6259A5B669AE018A5E53247259A101C3, 1CD2102FAF1DCEB6B8278D098A7C1A85ED6D6E5DCF7F70E0E9A5166B67C8D057 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:31:20.0551 0x15ec AdobeFlashPlayerUpdateSvc - ok 16:31:20.0598 0x15ec [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:31:20.0613 0x15ec adp94xx - ok 16:31:20.0645 0x15ec [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:31:20.0645 0x15ec adpahci - ok 16:31:20.0691 0x15ec [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:31:20.0691 0x15ec adpu320 - ok 16:31:20.0754 0x15ec [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:31:20.0754 0x15ec AeLookupSvc - ok 16:31:20.0816 0x15ec [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 16:31:20.0832 0x15ec AFD - ok 16:31:20.0879 0x15ec [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 16:31:20.0894 0x15ec agp440 - ok 16:31:20.0925 0x15ec [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 16:31:20.0925 0x15ec ALG - ok 16:31:21.0003 0x15ec [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 16:31:21.0003 0x15ec aliide - ok 16:31:21.0050 0x15ec [ FF779F9DE1CDF477033858B7681CEDA8, F190057C680F41BEF49FA7BE26A5827C124EC0BFE19D3E21ED93A3287E732D99 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:31:21.0050 0x15ec AMD External Events Utility - ok 16:31:21.0128 0x15ec [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 16:31:21.0128 0x15ec amdide - ok 16:31:21.0175 0x15ec [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:31:21.0175 0x15ec AmdK8 - ok 16:31:21.0409 0x15ec [ EF2B99DCEE397B45F50594696D7B5339, 568BD4AFD14C32A1602AE98D00A6C05372C0AE48D17CBC9257272A57F72E69D4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:31:21.0518 0x15ec amdkmdag - ok 16:31:21.0549 0x15ec [ 239DCE60BEE6E1576C803948AB4D54C5, BC346ACD57E9BDBBC4C659B1C9CB4D696A42B2AB3DBC387A169C89D11D15A673 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:31:21.0549 0x15ec amdkmdap - ok 16:31:21.0565 0x15ec [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:31:21.0565 0x15ec AmdPPM - ok 16:31:21.0627 0x15ec [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:31:21.0627 0x15ec amdsata - ok 16:31:21.0659 0x15ec [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:31:21.0659 0x15ec amdsbs - ok 16:31:21.0674 0x15ec [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:31:21.0674 0x15ec amdxata - ok 16:31:21.0737 0x15ec [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 16:31:21.0737 0x15ec AppID - ok 16:31:21.0752 0x15ec [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:31:21.0752 0x15ec AppIDSvc - ok 16:31:21.0815 0x15ec [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 16:31:21.0815 0x15ec Appinfo - ok 16:31:21.0877 0x15ec [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:31:21.0877 0x15ec Apple Mobile Device - ok 16:31:21.0939 0x15ec [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 16:31:21.0939 0x15ec arc - ok 16:31:21.0955 0x15ec [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:31:21.0955 0x15ec arcsas - ok 16:31:22.0111 0x15ec [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:31:22.0111 0x15ec aspnet_state - ok 16:31:22.0158 0x15ec [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:31:22.0158 0x15ec AsyncMac - ok 16:31:22.0220 0x15ec [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 16:31:22.0220 0x15ec atapi - ok 16:31:22.0314 0x15ec [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:31:22.0329 0x15ec AudioEndpointBuilder - ok 16:31:22.0376 0x15ec [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:31:22.0376 0x15ec AudioSrv - ok 16:31:22.0439 0x15ec [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:31:22.0439 0x15ec AxInstSV - ok 16:31:22.0485 0x15ec [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 16:31:22.0485 0x15ec b06bdrv - ok 16:31:22.0548 0x15ec [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:31:22.0548 0x15ec b57nd60a - ok 16:31:22.0719 0x15ec [ 2D659B569A76CDB83B815675A80D7096, 8246BD350017B6CBADA4BBDBAB8B708B0A8F1AD5ADD4B2DE1BA610B4A188C262 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 16:31:22.0782 0x15ec BCM43XX - ok 16:31:22.0844 0x15ec [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 16:31:22.0844 0x15ec BDESVC - ok 16:31:22.0875 0x15ec [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 16:31:22.0875 0x15ec Beep - ok 16:31:22.0985 0x15ec [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 16:31:23.0000 0x15ec BFE - ok 16:31:23.0109 0x15ec [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 16:31:23.0125 0x15ec BITS - ok 16:31:23.0172 0x15ec [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:31:23.0172 0x15ec blbdrive - ok 16:31:23.0265 0x15ec [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:31:23.0265 0x15ec Bonjour Service - ok 16:31:23.0343 0x15ec [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:31:23.0343 0x15ec bowser - ok 16:31:23.0375 0x15ec [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:31:23.0375 0x15ec BrFiltLo - ok 16:31:23.0390 0x15ec [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:31:23.0390 0x15ec BrFiltUp - ok 16:31:23.0406 0x15ec [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 16:31:23.0406 0x15ec BridgeMP - ok 16:31:23.0484 0x15ec [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 16:31:23.0484 0x15ec Browser - ok 16:31:23.0499 0x15ec [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:31:23.0515 0x15ec Brserid - ok 16:31:23.0531 0x15ec [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:31:23.0531 0x15ec BrSerWdm - ok 16:31:23.0562 0x15ec [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:31:23.0562 0x15ec BrUsbMdm - ok 16:31:23.0562 0x15ec [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:31:23.0562 0x15ec BrUsbSer - ok 16:31:23.0593 0x15ec [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:31:23.0593 0x15ec BTHMODEM - ok 16:31:23.0640 0x15ec [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 16:31:23.0640 0x15ec bthserv - ok 16:31:23.0702 0x15ec catchme - ok 16:31:23.0733 0x15ec [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:31:23.0749 0x15ec cdfs - ok 16:31:23.0811 0x15ec [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:31:23.0811 0x15ec cdrom - ok 16:31:23.0889 0x15ec [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 16:31:23.0889 0x15ec CertPropSvc - ok 16:31:23.0921 0x15ec [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:31:23.0921 0x15ec circlass - ok 16:31:23.0999 0x15ec [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 16:31:23.0999 0x15ec CLFS - ok 16:31:24.0201 0x15ec [ 85FF7BE64BF886933E4385FC5CA97C99, FFD5CBC07C016CC78342BC4DFBEF9E70285BEADEB0DB70CD92D065A68CB2814F ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe 16:31:24.0248 0x15ec ClickToRunSvc - ok 16:31:24.0357 0x15ec [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:31:24.0357 0x15ec clr_optimization_v2.0.50727_32 - ok 16:31:24.0435 0x15ec [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:31:24.0435 0x15ec clr_optimization_v2.0.50727_64 - ok 16:31:24.0529 0x15ec [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:31:24.0545 0x15ec clr_optimization_v4.0.30319_32 - ok 16:31:24.0591 0x15ec [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:31:24.0591 0x15ec clr_optimization_v4.0.30319_64 - ok 16:31:24.0623 0x15ec [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:31:24.0623 0x15ec CmBatt - ok 16:31:24.0669 0x15ec [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:31:24.0669 0x15ec cmdide - ok 16:31:24.0747 0x15ec [ F34031DC6D1745154F54B04AFF54F5D1, CDC5CCCB7F9A19C6F9459754895F60B149C2BDBADEF2620F75FAA9B870757758 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys 16:31:24.0747 0x15ec cmnsusbser - ok 16:31:24.0810 0x15ec [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 16:31:24.0825 0x15ec CNG - ok 16:31:24.0888 0x15ec [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:31:24.0888 0x15ec Compbatt - ok 16:31:24.0950 0x15ec [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:31:24.0950 0x15ec CompositeBus - ok 16:31:24.0966 0x15ec COMSysApp - ok 16:31:24.0981 0x15ec [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:31:24.0981 0x15ec crcdisk - ok 16:31:25.0044 0x15ec [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:31:25.0044 0x15ec CryptSvc - ok 16:31:25.0106 0x15ec [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:31:25.0122 0x15ec DcomLaunch - ok 16:31:25.0153 0x15ec [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 16:31:25.0169 0x15ec defragsvc - ok 16:31:25.0215 0x15ec [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:31:25.0215 0x15ec DfsC - ok 16:31:25.0278 0x15ec [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:31:25.0278 0x15ec Dhcp - ok 16:31:25.0387 0x15ec [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 16:31:25.0403 0x15ec DiagTrack - ok 16:31:25.0449 0x15ec [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 16:31:25.0449 0x15ec discache - ok 16:31:25.0481 0x15ec [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:31:25.0481 0x15ec Disk - ok 16:31:25.0543 0x15ec [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:31:25.0543 0x15ec Dnscache - ok 16:31:25.0605 0x15ec [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 16:31:25.0605 0x15ec dot3svc - ok 16:31:25.0652 0x15ec [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 16:31:25.0652 0x15ec DPS - ok 16:31:25.0715 0x15ec [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:31:25.0715 0x15ec drmkaud - ok 16:31:25.0793 0x15ec [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 16:31:25.0793 0x15ec DsiWMIService - ok 16:31:25.0871 0x15ec [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:31:25.0902 0x15ec DXGKrnl - ok 16:31:25.0964 0x15ec [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 16:31:25.0964 0x15ec EapHost - ok 16:31:26.0089 0x15ec [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:31:26.0198 0x15ec ebdrv - ok 16:31:26.0261 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\Windows\System32\lsass.exe 16:31:26.0261 0x15ec EFS - ok 16:31:26.0354 0x15ec [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:31:26.0370 0x15ec ehRecvr - ok 16:31:26.0417 0x15ec [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 16:31:26.0417 0x15ec ehSched - ok 16:31:26.0463 0x15ec [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:31:26.0479 0x15ec elxstor - ok 16:31:26.0573 0x15ec [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 16:31:26.0604 0x15ec ePowerSvc - ok 16:31:26.0651 0x15ec [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:31:26.0666 0x15ec ErrDev - ok 16:31:26.0713 0x15ec [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 16:31:26.0713 0x15ec EventSystem - ok 16:31:26.0775 0x15ec [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 16:31:26.0775 0x15ec ewusbnet - ok 16:31:26.0791 0x15ec [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 16:31:26.0791 0x15ec exfat - ok 16:31:26.0822 0x15ec [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:31:26.0822 0x15ec fastfat - ok 16:31:26.0900 0x15ec [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 16:31:26.0931 0x15ec Fax - ok 16:31:26.0963 0x15ec [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:31:26.0963 0x15ec fdc - ok 16:31:26.0994 0x15ec [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 16:31:26.0994 0x15ec fdPHost - ok 16:31:27.0009 0x15ec [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 16:31:27.0009 0x15ec FDResPub - ok 16:31:27.0025 0x15ec [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:31:27.0025 0x15ec FileInfo - ok 16:31:27.0041 0x15ec [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:31:27.0041 0x15ec Filetrace - ok 16:31:27.0103 0x15ec [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:31:27.0119 0x15ec FLEXnet Licensing Service - ok 16:31:27.0134 0x15ec [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:31:27.0134 0x15ec flpydisk - ok 16:31:27.0197 0x15ec [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:31:27.0197 0x15ec FltMgr - ok 16:31:27.0290 0x15ec [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 16:31:27.0321 0x15ec FontCache - ok 16:31:27.0399 0x15ec [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:31:27.0399 0x15ec FontCache3.0.0.0 - ok 16:31:27.0431 0x15ec [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:31:27.0431 0x15ec FsDepends - ok 16:31:27.0477 0x15ec [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:31:27.0477 0x15ec Fs_Rec - ok 16:31:27.0524 0x15ec [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:31:27.0540 0x15ec fvevol - ok 16:31:27.0555 0x15ec [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:31:27.0555 0x15ec gagp30kx - ok 16:31:27.0618 0x15ec [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:31:27.0618 0x15ec GEARAspiWDM - ok 16:31:27.0696 0x15ec [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 16:31:27.0727 0x15ec gpsvc - ok 16:31:27.0805 0x15ec [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 16:31:27.0805 0x15ec GREGService - ok 16:31:27.0930 0x15ec [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:31:27.0945 0x15ec gupdate - ok 16:31:27.0945 0x15ec [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:31:27.0945 0x15ec gupdatem - ok 16:31:27.0977 0x15ec [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:31:27.0977 0x15ec hcw85cir - ok 16:31:28.0055 0x15ec [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:31:28.0070 0x15ec HdAudAddService - ok 16:31:28.0133 0x15ec [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:31:28.0133 0x15ec HDAudBus - ok 16:31:28.0164 0x15ec [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 16:31:28.0179 0x15ec HECIx64 - ok 16:31:28.0195 0x15ec [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:31:28.0195 0x15ec HidBatt - ok 16:31:28.0211 0x15ec [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:31:28.0211 0x15ec HidBth - ok 16:31:28.0226 0x15ec [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:31:28.0226 0x15ec HidIr - ok 16:31:28.0257 0x15ec [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 16:31:28.0273 0x15ec hidserv - ok 16:31:28.0335 0x15ec [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:31:28.0335 0x15ec HidUsb - ok 16:31:28.0382 0x15ec [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:31:28.0382 0x15ec hkmsvc - ok 16:31:28.0445 0x15ec [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:31:28.0460 0x15ec HomeGroupListener - ok 16:31:28.0507 0x15ec [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:31:28.0507 0x15ec HomeGroupProvider - ok 16:31:28.0569 0x15ec [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:31:28.0569 0x15ec HpSAMD - ok 16:31:28.0647 0x15ec [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:31:28.0679 0x15ec HTTP - ok 16:31:28.0757 0x15ec [ 4B5C07DB91A0099272FAAE732E1152BD, E0408F85A2E1E310F5143A01A34456F120875D21E0E9D0A9F9EBC96514CFC47C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 16:31:28.0757 0x15ec hwdatacard - ok 16:31:28.0803 0x15ec [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:31:28.0803 0x15ec hwpolicy - ok 16:31:28.0866 0x15ec [ 9C13A2691AC410CC7469F298684DCA5D, 2B07FE759B479A36AB4DE185AF8B4295396A1F8674587721BE7C92FC31ADFF0D ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys 16:31:28.0866 0x15ec hwusbfake - ok 16:31:28.0944 0x15ec [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:31:28.0944 0x15ec i8042prt - ok 16:31:28.0991 0x15ec [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:31:29.0006 0x15ec iaStor - ok 16:31:29.0069 0x15ec [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 16:31:29.0069 0x15ec IAStorDataMgrSvc - ok 16:31:29.0115 0x15ec [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:31:29.0131 0x15ec iaStorV - ok 16:31:29.0209 0x15ec [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:31:29.0240 0x15ec idsvc - ok 16:31:29.0303 0x15ec IEEtwCollectorService - ok 16:31:29.0334 0x15ec [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:31:29.0334 0x15ec iirsp - ok 16:31:29.0427 0x15ec [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 16:31:29.0459 0x15ec IKEEXT - ok 16:31:29.0505 0x15ec [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 16:31:29.0505 0x15ec Impcd - ok 16:31:29.0630 0x15ec [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:31:29.0724 0x15ec IntcAzAudAddService - ok 16:31:29.0786 0x15ec [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 16:31:29.0786 0x15ec intelide - ok 16:31:29.0802 0x15ec [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:31:29.0802 0x15ec intelppm - ok 16:31:29.0849 0x15ec [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:31:29.0849 0x15ec IPBusEnum - ok 16:31:29.0895 0x15ec [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:31:29.0895 0x15ec IpFilterDriver - ok 16:31:29.0973 0x15ec [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:31:29.0989 0x15ec iphlpsvc - ok 16:31:30.0036 0x15ec [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:31:30.0051 0x15ec IPMIDRV - ok 16:31:30.0067 0x15ec [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:31:30.0067 0x15ec IPNAT - ok 16:31:30.0161 0x15ec [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:31:30.0176 0x15ec iPod Service - ok 16:31:30.0192 0x15ec [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:31:30.0192 0x15ec IRENUM - ok 16:31:30.0254 0x15ec [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:31:30.0254 0x15ec isapnp - ok 16:31:30.0317 0x15ec [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:31:30.0317 0x15ec iScsiPrt - ok 16:31:30.0363 0x15ec [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 16:31:30.0379 0x15ec k57nd60a - ok 16:31:30.0426 0x15ec [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:31:30.0426 0x15ec kbdclass - ok 16:31:30.0488 0x15ec [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:31:30.0488 0x15ec kbdhid - ok 16:31:30.0504 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\Windows\system32\lsass.exe 16:31:30.0504 0x15ec KeyIso - ok 16:31:30.0551 0x15ec [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:31:30.0551 0x15ec KSecDD - ok 16:31:30.0597 0x15ec [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:31:30.0613 0x15ec KSecPkg - ok 16:31:30.0644 0x15ec [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:31:30.0644 0x15ec ksthunk - ok 16:31:30.0691 0x15ec [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:31:30.0691 0x15ec KtmRm - ok 16:31:30.0769 0x15ec [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 16:31:30.0769 0x15ec LanmanServer - ok 16:31:30.0816 0x15ec [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:31:30.0816 0x15ec LanmanWorkstation - ok 16:31:30.0863 0x15ec [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:31:30.0863 0x15ec lltdio - ok 16:31:30.0909 0x15ec [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:31:30.0909 0x15ec lltdsvc - ok 16:31:30.0925 0x15ec [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:31:30.0925 0x15ec lmhosts - ok 16:31:31.0003 0x15ec [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:31:31.0003 0x15ec LMS - ok 16:31:31.0050 0x15ec [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:31:31.0050 0x15ec LSI_FC - ok 16:31:31.0065 0x15ec [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:31:31.0065 0x15ec LSI_SAS - ok 16:31:31.0081 0x15ec [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:31:31.0081 0x15ec LSI_SAS2 - ok 16:31:31.0097 0x15ec [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:31:31.0097 0x15ec LSI_SCSI - ok 16:31:31.0128 0x15ec [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:31:31.0128 0x15ec luafv - ok 16:31:31.0175 0x15ec [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:31:31.0175 0x15ec Mcx2Svc - ok 16:31:31.0190 0x15ec [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:31:31.0206 0x15ec megasas - ok 16:31:31.0221 0x15ec [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:31:31.0221 0x15ec MegaSR - ok 16:31:31.0237 0x15ec [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:31:31.0253 0x15ec MMCSS - ok 16:31:31.0253 0x15ec [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:31:31.0253 0x15ec Modem - ok 16:31:31.0284 0x15ec [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:31:31.0284 0x15ec monitor - ok 16:31:31.0346 0x15ec [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:31:31.0362 0x15ec mouclass - ok 16:31:31.0377 0x15ec [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:31:31.0377 0x15ec mouhid - ok 16:31:31.0424 0x15ec [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:31:31.0424 0x15ec mountmgr - ok 16:31:31.0502 0x15ec [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:31:31.0502 0x15ec MozillaMaintenance - ok 16:31:31.0549 0x15ec [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 16:31:31.0565 0x15ec mpio - ok 16:31:31.0596 0x15ec [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:31:31.0611 0x15ec mpsdrv - ok 16:31:31.0674 0x15ec [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:31:31.0705 0x15ec MpsSvc - ok 16:31:31.0783 0x15ec [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:31:31.0799 0x15ec MRxDAV - ok 16:31:31.0845 0x15ec [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:31:31.0845 0x15ec mrxsmb - ok 16:31:31.0892 0x15ec [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:31:31.0908 0x15ec mrxsmb10 - ok 16:31:31.0908 0x15ec [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:31:31.0923 0x15ec mrxsmb20 - ok 16:31:31.0970 0x15ec [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 16:31:31.0970 0x15ec msahci - ok 16:31:32.0017 0x15ec [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:31:32.0017 0x15ec msdsm - ok 16:31:32.0033 0x15ec [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:31:32.0048 0x15ec MSDTC - ok 16:31:32.0079 0x15ec [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:31:32.0079 0x15ec Msfs - ok 16:31:32.0095 0x15ec [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:31:32.0111 0x15ec mshidkmdf - ok 16:31:32.0157 0x15ec [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:31:32.0157 0x15ec msisadrv - ok 16:31:32.0189 0x15ec [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:31:32.0189 0x15ec MSiSCSI - ok 16:31:32.0189 0x15ec msiserver - ok 16:31:32.0220 0x15ec [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:31:32.0220 0x15ec MSKSSRV - ok 16:31:32.0251 0x15ec [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:31:32.0251 0x15ec MSPCLOCK - ok 16:31:32.0251 0x15ec [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:31:32.0251 0x15ec MSPQM - ok 16:31:32.0313 0x15ec [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:31:32.0329 0x15ec MsRPC - ok 16:31:32.0376 0x15ec [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:31:32.0376 0x15ec mssmbios - ok 16:31:32.0391 0x15ec [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:31:32.0391 0x15ec MSTEE - ok 16:31:32.0407 0x15ec [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:31:32.0407 0x15ec MTConfig - ok 16:31:32.0423 0x15ec [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:31:32.0423 0x15ec Mup - ok 16:31:32.0485 0x15ec [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 16:31:32.0501 0x15ec napagent - ok 16:31:32.0532 0x15ec [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:31:32.0547 0x15ec NativeWifiP - ok 16:31:32.0625 0x15ec [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 16:31:32.0657 0x15ec NDIS - ok 16:31:32.0672 0x15ec [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:31:32.0672 0x15ec NdisCap - ok 16:31:32.0703 0x15ec [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:31:32.0703 0x15ec NdisTapi - ok 16:31:32.0750 0x15ec [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:31:32.0750 0x15ec Ndisuio - ok 16:31:32.0813 0x15ec [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:31:32.0813 0x15ec NdisWan - ok 16:31:32.0859 0x15ec [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:31:32.0859 0x15ec NDProxy - ok 16:31:32.0891 0x15ec [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:31:32.0891 0x15ec NetBIOS - ok 16:31:32.0953 0x15ec [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:31:32.0953 0x15ec NetBT - ok 16:31:32.0969 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon C:\Windows\system32\lsass.exe 16:31:32.0969 0x15ec Netlogon - ok 16:31:33.0000 0x15ec [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 16:31:33.0015 0x15ec Netman - ok 16:31:33.0093 0x15ec [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:31:33.0093 0x15ec NetMsmqActivator - ok 16:31:33.0140 0x15ec [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:31:33.0140 0x15ec NetPipeActivator - ok 16:31:33.0156 0x15ec [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 16:31:33.0156 0x15ec netprofm - ok 16:31:33.0171 0x15ec [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:31:33.0171 0x15ec NetTcpActivator - ok 16:31:33.0187 0x15ec [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:31:33.0187 0x15ec NetTcpPortSharing - ok 16:31:33.0218 0x15ec [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:31:33.0218 0x15ec nfrd960 - ok 16:31:33.0281 0x15ec [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 16:31:33.0281 0x15ec NlaSvc - ok 16:31:33.0390 0x15ec [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 16:31:33.0468 0x15ec NOBU - ok 16:31:33.0499 0x15ec [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:31:33.0499 0x15ec Npfs - ok 16:31:33.0530 0x15ec [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 16:31:33.0530 0x15ec nsi - ok 16:31:33.0546 0x15ec [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:31:33.0546 0x15ec nsiproxy - ok 16:31:33.0639 0x15ec [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:31:33.0702 0x15ec Ntfs - ok 16:31:33.0764 0x15ec [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 16:31:33.0764 0x15ec NTI IScheduleSvc - ok 16:31:33.0795 0x15ec [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 16:31:33.0795 0x15ec NTIDrvr - ok 16:31:33.0811 0x15ec [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 16:31:33.0811 0x15ec Null - ok 16:31:33.0873 0x15ec [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:31:33.0873 0x15ec nvraid - ok 16:31:33.0905 0x15ec [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:31:33.0905 0x15ec nvstor - ok 16:31:33.0967 0x15ec [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:31:33.0967 0x15ec nv_agp - ok 16:31:34.0029 0x15ec [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:31:34.0029 0x15ec ohci1394 - ok 16:31:34.0154 0x15ec [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:31:34.0154 0x15ec ose - ok 16:31:34.0373 0x15ec [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:31:34.0529 0x15ec osppsvc - ok 16:31:34.0731 0x15ec [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:31:34.0747 0x15ec p2pimsvc - ok 16:31:34.0778 0x15ec [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 16:31:34.0794 0x15ec p2psvc - ok 16:31:34.0809 0x15ec [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:31:34.0809 0x15ec Parport - ok 16:31:34.0872 0x15ec [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:31:34.0872 0x15ec partmgr - ok 16:31:34.0919 0x15ec [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:31:34.0934 0x15ec PcaSvc - ok 16:31:34.0981 0x15ec [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 16:31:34.0981 0x15ec pci - ok 16:31:35.0028 0x15ec [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 16:31:35.0028 0x15ec pciide - ok 16:31:35.0059 0x15ec [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:31:35.0075 0x15ec pcmcia - ok 16:31:35.0090 0x15ec [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 16:31:35.0090 0x15ec pcw - ok 16:31:35.0153 0x15ec [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:31:35.0168 0x15ec PEAUTH - ok 16:31:35.0262 0x15ec [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:31:35.0262 0x15ec PerfHost - ok 16:31:35.0355 0x15ec [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 16:31:35.0402 0x15ec pla - ok 16:31:35.0465 0x15ec [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:31:35.0480 0x15ec PlugPlay - ok 16:31:35.0511 0x15ec [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:31:35.0511 0x15ec PNRPAutoReg - ok 16:31:35.0543 0x15ec [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:31:35.0558 0x15ec PNRPsvc - ok 16:31:35.0605 0x15ec [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:31:35.0621 0x15ec PolicyAgent - ok 16:31:35.0667 0x15ec [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 16:31:35.0667 0x15ec Power - ok 16:31:35.0730 0x15ec [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:31:35.0730 0x15ec PptpMiniport - ok 16:31:35.0761 0x15ec [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:31:35.0761 0x15ec Processor - ok 16:31:35.0808 0x15ec [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 16:31:35.0823 0x15ec ProfSvc - ok 16:31:35.0839 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe 16:31:35.0839 0x15ec ProtectedStorage - ok 16:31:35.0901 0x15ec [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:31:35.0901 0x15ec Psched - ok 16:31:35.0979 0x15ec [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:31:36.0042 0x15ec ql2300 - ok 16:31:36.0073 0x15ec [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:31:36.0073 0x15ec ql40xx - ok 16:31:36.0104 0x15ec [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 16:31:36.0120 0x15ec QWAVE - ok 16:31:36.0135 0x15ec [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:31:36.0135 0x15ec QWAVEdrv - ok 16:31:36.0151 0x15ec [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:31:36.0151 0x15ec RasAcd - ok 16:31:36.0198 0x15ec [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:31:36.0198 0x15ec RasAgileVpn - ok 16:31:36.0229 0x15ec [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 16:31:36.0229 0x15ec RasAuto - ok 16:31:36.0276 0x15ec [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:31:36.0291 0x15ec Rasl2tp - ok 16:31:36.0354 0x15ec [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 16:31:36.0369 0x15ec RasMan - ok 16:31:36.0416 0x15ec [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:31:36.0416 0x15ec RasPppoe - ok 16:31:36.0447 0x15ec [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:31:36.0447 0x15ec RasSstp - ok 16:31:36.0510 0x15ec [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:31:36.0525 0x15ec rdbss - ok 16:31:36.0541 0x15ec [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:31:36.0541 0x15ec rdpbus - ok 16:31:36.0557 0x15ec [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:31:36.0557 0x15ec RDPCDD - ok 16:31:36.0588 0x15ec [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:31:36.0588 0x15ec RDPENCDD - ok 16:31:36.0603 0x15ec [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:31:36.0603 0x15ec RDPREFMP - ok 16:31:36.0650 0x15ec [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:31:36.0650 0x15ec RDPWD - ok 16:31:36.0713 0x15ec [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:31:36.0713 0x15ec rdyboost - ok 16:31:36.0759 0x15ec [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:31:36.0759 0x15ec RemoteAccess - ok 16:31:36.0791 0x15ec [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:31:36.0806 0x15ec RemoteRegistry - ok 16:31:36.0822 0x15ec [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:31:36.0822 0x15ec RpcEptMapper - ok 16:31:36.0837 0x15ec [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 16:31:36.0837 0x15ec RpcLocator - ok 16:31:36.0900 0x15ec [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 16:31:36.0915 0x15ec RpcSs - ok 16:31:36.0931 0x15ec [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:31:36.0947 0x15ec rspndr - ok 16:31:36.0978 0x15ec [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 16:31:36.0993 0x15ec RSUSBSTOR - ok 16:31:37.0040 0x15ec [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 16:31:37.0040 0x15ec RTHDMIAzAudService - ok 16:31:37.0056 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs C:\Windows\system32\lsass.exe 16:31:37.0056 0x15ec SamSs - ok 16:31:37.0103 0x15ec [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:31:37.0103 0x15ec sbp2port - ok 16:31:37.0134 0x15ec [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:31:37.0149 0x15ec SCardSvr - ok 16:31:37.0196 0x15ec [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:31:37.0196 0x15ec scfilter - ok 16:31:37.0274 0x15ec [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 16:31:37.0305 0x15ec Schedule - ok 16:31:37.0368 0x15ec [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:31:37.0368 0x15ec SCPolicySvc - ok 16:31:37.0415 0x15ec [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:31:37.0430 0x15ec SDRSVC - ok 16:31:37.0461 0x15ec [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:31:37.0461 0x15ec secdrv - ok 16:31:37.0508 0x15ec [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 16:31:37.0508 0x15ec seclogon - ok 16:31:37.0539 0x15ec [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 16:31:37.0539 0x15ec SENS - ok 16:31:37.0539 0x15ec [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:31:37.0539 0x15ec SensrSvc - ok 16:31:37.0555 0x15ec [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:31:37.0555 0x15ec Serenum - ok 16:31:37.0602 0x15ec [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:31:37.0602 0x15ec Serial - ok 16:31:37.0649 0x15ec [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:31:37.0649 0x15ec sermouse - ok 16:31:37.0711 0x15ec [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 16:31:37.0711 0x15ec SessionEnv - ok 16:31:37.0758 0x15ec [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:31:37.0758 0x15ec sffdisk - ok 16:31:37.0773 0x15ec [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:31:37.0773 0x15ec sffp_mmc - ok 16:31:37.0789 0x15ec [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:31:37.0789 0x15ec sffp_sd - ok 16:31:37.0820 0x15ec [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:31:37.0820 0x15ec sfloppy - ok 16:31:37.0883 0x15ec [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:31:37.0898 0x15ec SharedAccess - ok 16:31:37.0976 0x15ec [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:31:37.0992 0x15ec ShellHWDetection - ok 16:31:38.0023 0x15ec [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:31:38.0023 0x15ec SiSRaid2 - ok 16:31:38.0039 0x15ec [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:31:38.0039 0x15ec SiSRaid4 - ok 16:31:38.0132 0x15ec [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:31:38.0148 0x15ec SkypeUpdate - ok 16:31:38.0163 0x15ec [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:31:38.0163 0x15ec Smb - ok 16:31:38.0195 0x15ec [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:31:38.0195 0x15ec SNMPTRAP - ok 16:31:38.0195 0x15ec [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 16:31:38.0195 0x15ec spldr - ok 16:31:38.0257 0x15ec [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 16:31:38.0288 0x15ec Spooler - ok 16:31:38.0444 0x15ec [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 16:31:38.0553 0x15ec sppsvc - ok 16:31:38.0585 0x15ec [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:31:38.0585 0x15ec sppuinotify - ok 16:31:38.0647 0x15ec [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:31:38.0663 0x15ec srv - ok 16:31:38.0678 0x15ec [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:31:38.0678 0x15ec srv2 - ok 16:31:38.0709 0x15ec [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:31:38.0709 0x15ec srvnet - ok 16:31:38.0725 0x15ec [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:31:38.0725 0x15ec SSDPSRV - ok 16:31:38.0741 0x15ec [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:31:38.0741 0x15ec SstpSvc - ok 16:31:38.0772 0x15ec [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:31:38.0772 0x15ec stexstor - ok 16:31:38.0834 0x15ec [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 16:31:38.0834 0x15ec StillCam - ok 16:31:38.0912 0x15ec [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 16:31:38.0928 0x15ec stisvc - ok 16:31:38.0990 0x15ec [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 16:31:38.0990 0x15ec swenum - ok 16:31:39.0021 0x15ec [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 16:31:39.0037 0x15ec swprv - ok 16:31:39.0099 0x15ec [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:31:39.0099 0x15ec SynTP - ok 16:31:39.0193 0x15ec [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 16:31:39.0240 0x15ec SysMain - ok 16:31:39.0302 0x15ec [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:31:39.0302 0x15ec TabletInputService - ok 16:31:39.0349 0x15ec [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 16:31:39.0365 0x15ec TapiSrv - ok 16:31:39.0380 0x15ec [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 16:31:39.0396 0x15ec TBS - ok 16:31:39.0489 0x15ec [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:31:39.0536 0x15ec Tcpip - ok 16:31:39.0630 0x15ec [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:31:39.0645 0x15ec TCPIP6 - ok 16:31:39.0708 0x15ec [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:31:39.0708 0x15ec tcpipreg - ok 16:31:39.0723 0x15ec [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:31:39.0723 0x15ec TDPIPE - ok 16:31:39.0770 0x15ec [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:31:39.0786 0x15ec TDTCP - ok 16:31:39.0833 0x15ec [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:31:39.0833 0x15ec tdx - ok 16:31:39.0879 0x15ec [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 16:31:39.0879 0x15ec TermDD - ok 16:31:39.0957 0x15ec [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 16:31:39.0989 0x15ec TermService - ok 16:31:40.0020 0x15ec [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 16:31:40.0020 0x15ec Themes - ok 16:31:40.0051 0x15ec [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 16:31:40.0051 0x15ec THREADORDER - ok 16:31:40.0067 0x15ec [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 16:31:40.0067 0x15ec TrkWks - ok 16:31:40.0145 0x15ec [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:31:40.0145 0x15ec TrustedInstaller - ok 16:31:40.0191 0x15ec [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:31:40.0191 0x15ec tssecsrv - ok 16:31:40.0269 0x15ec [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:31:40.0269 0x15ec TsUsbFlt - ok 16:31:40.0332 0x15ec [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:31:40.0332 0x15ec tunnel - ok 16:31:40.0363 0x15ec [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 16:31:40.0363 0x15ec TurboB - ok 16:31:40.0394 0x15ec [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 16:31:40.0394 0x15ec TurboBoost - ok 16:31:40.0441 0x15ec [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:31:40.0441 0x15ec uagp35 - ok 16:31:40.0457 0x15ec [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 16:31:40.0457 0x15ec UBHelper - ok 16:31:40.0519 0x15ec [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:31:40.0519 0x15ec udfs - ok 16:31:40.0566 0x15ec [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:31:40.0566 0x15ec UI0Detect - ok 16:31:40.0628 0x15ec [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:31:40.0628 0x15ec uliagpkx - ok 16:31:40.0675 0x15ec [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:31:40.0675 0x15ec umbus - ok 16:31:40.0706 0x15ec [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:31:40.0706 0x15ec UmPass - ok 16:31:40.0831 0x15ec [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:31:40.0909 0x15ec UNS - ok 16:31:40.0987 0x15ec [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 16:31:40.0987 0x15ec Updater Service - ok 16:31:41.0034 0x15ec [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 16:31:41.0034 0x15ec upnphost - ok 16:31:41.0096 0x15ec [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:31:41.0112 0x15ec USBAAPL64 - ok 16:31:41.0159 0x15ec [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:31:41.0159 0x15ec usbccgp - ok 16:31:41.0221 0x15ec [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:31:41.0221 0x15ec usbcir - ok 16:31:41.0268 0x15ec [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:31:41.0268 0x15ec usbehci - ok 16:31:41.0315 0x15ec [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:31:41.0330 0x15ec usbhub - ok 16:31:41.0377 0x15ec [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:31:41.0377 0x15ec usbohci - ok 16:31:41.0408 0x15ec [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:31:41.0408 0x15ec usbprint - ok 16:31:41.0471 0x15ec [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys 16:31:41.0471 0x15ec usbscan - ok 16:31:41.0517 0x15ec [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:31:41.0517 0x15ec USBSTOR - ok 16:31:41.0564 0x15ec [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:31:41.0564 0x15ec usbuhci - ok 16:31:41.0642 0x15ec [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 16:31:41.0642 0x15ec usbvideo - ok 16:31:41.0705 0x15ec [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 16:31:41.0705 0x15ec usb_rndisx - ok 16:31:41.0736 0x15ec [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 16:31:41.0736 0x15ec UxSms - ok 16:31:41.0751 0x15ec [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc C:\Windows\system32\lsass.exe 16:31:41.0751 0x15ec VaultSvc - ok 16:31:41.0814 0x15ec [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:31:41.0814 0x15ec vdrvroot - ok 16:31:41.0876 0x15ec [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 16:31:41.0892 0x15ec vds - ok 16:31:41.0939 0x15ec [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:31:41.0939 0x15ec vga - ok 16:31:41.0939 0x15ec [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:31:41.0939 0x15ec VgaSave - ok 16:31:42.0001 0x15ec [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:31:42.0001 0x15ec vhdmp - ok 16:31:42.0048 0x15ec [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 16:31:42.0048 0x15ec viaide - ok 16:31:42.0110 0x15ec [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:31:42.0110 0x15ec volmgr - ok 16:31:42.0173 0x15ec [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:31:42.0173 0x15ec volmgrx - ok 16:31:42.0235 0x15ec [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:31:42.0235 0x15ec volsnap - ok 16:31:42.0282 0x15ec [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:31:42.0282 0x15ec vsmraid - ok 16:31:42.0375 0x15ec [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 16:31:42.0422 0x15ec VSS - ok 16:31:42.0438 0x15ec [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:31:42.0453 0x15ec vwifibus - ok 16:31:42.0453 0x15ec [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:31:42.0453 0x15ec vwififlt - ok 16:31:42.0500 0x15ec [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:31:42.0500 0x15ec vwifimp - ok 16:31:42.0531 0x15ec [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 16:31:42.0547 0x15ec W32Time - ok 16:31:42.0563 0x15ec [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:31:42.0563 0x15ec WacomPen - ok 16:31:42.0641 0x15ec [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:31:42.0641 0x15ec WANARP - ok 16:31:42.0641 0x15ec [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:31:42.0641 0x15ec Wanarpv6 - ok 16:31:42.0734 0x15ec [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 16:31:42.0781 0x15ec WatAdminSvc - ok 16:31:42.0875 0x15ec [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 16:31:42.0937 0x15ec wbengine - ok 16:31:42.0968 0x15ec [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:31:42.0968 0x15ec WbioSrvc - ok 16:31:43.0031 0x15ec [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:31:43.0046 0x15ec wcncsvc - ok 16:31:43.0077 0x15ec [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:31:43.0077 0x15ec WcsPlugInService - ok 16:31:43.0109 0x15ec [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:31:43.0109 0x15ec Wd - ok 16:31:43.0187 0x15ec [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:31:43.0218 0x15ec Wdf01000 - ok 16:31:43.0280 0x15ec [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:31:43.0280 0x15ec WdiServiceHost - ok 16:31:43.0280 0x15ec [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:31:43.0280 0x15ec WdiSystemHost - ok 16:31:43.0343 0x15ec [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 16:31:43.0343 0x15ec WebClient - ok 16:31:43.0374 0x15ec [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:31:43.0389 0x15ec Wecsvc - ok 16:31:43.0405 0x15ec [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:31:43.0405 0x15ec wercplsupport - ok 16:31:43.0436 0x15ec [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 16:31:43.0436 0x15ec WerSvc - ok 16:31:43.0467 0x15ec [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:31:43.0467 0x15ec WfpLwf - ok 16:31:43.0467 0x15ec [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:31:43.0483 0x15ec WIMMount - ok 16:31:43.0514 0x15ec WinDefend - ok 16:31:43.0545 0x15ec WinHttpAutoProxySvc - ok 16:31:43.0623 0x15ec [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:31:43.0623 0x15ec Winmgmt - ok 16:31:43.0717 0x15ec [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 16:31:43.0796 0x15ec WinRM - ok 16:31:43.0874 0x15ec [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:31:43.0874 0x15ec WinUsb - ok 16:31:43.0921 0x15ec [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:31:43.0952 0x15ec Wlansvc - ok 16:31:43.0999 0x15ec [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:31:43.0999 0x15ec WmiAcpi - ok 16:31:44.0030 0x15ec [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:31:44.0030 0x15ec wmiApSrv - ok 16:31:44.0061 0x15ec WMPNetworkSvc - ok 16:31:44.0108 0x15ec [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:31:44.0108 0x15ec WPCSvc - ok 16:31:44.0155 0x15ec [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:31:44.0155 0x15ec WPDBusEnum - ok 16:31:44.0170 0x15ec [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:31:44.0170 0x15ec ws2ifsl - ok 16:31:44.0217 0x15ec [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 16:31:44.0233 0x15ec wscsvc - ok 16:31:44.0280 0x15ec [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 16:31:44.0280 0x15ec WSDPrintDevice - ok 16:31:44.0342 0x15ec [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 16:31:44.0342 0x15ec WSDScan - ok 16:31:44.0342 0x15ec WSearch - ok 16:31:44.0482 0x15ec [ 88D5841677EF05E1E0CF6217A1F9FD18, 9E5B60161316979B8A2DC301D0C1A7072ED1C9654D75EF7D689798678C9ECA53 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe 16:31:44.0482 0x15ec WTGService - ok 16:31:44.0623 0x15ec [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 16:31:44.0701 0x15ec wuauserv - ok 16:31:44.0763 0x15ec [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:31:44.0763 0x15ec WudfPf - ok 16:31:44.0810 0x15ec [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:31:44.0810 0x15ec WUDFRd - ok 16:31:44.0872 0x15ec [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:31:44.0872 0x15ec wudfsvc - ok 16:31:44.0919 0x15ec [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 16:31:44.0935 0x15ec WwanSvc - ok 16:31:44.0982 0x15ec ================ Scan global =============================== 16:31:45.0013 0x15ec [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 16:31:45.0075 0x15ec [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 16:31:45.0091 0x15ec [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 16:31:45.0122 0x15ec [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 16:31:45.0169 0x15ec [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 16:31:45.0184 0x15ec [ Global ] - ok 16:31:45.0184 0x15ec ================ Scan MBR ================================== 16:31:45.0184 0x15ec [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:31:45.0512 0x15ec \Device\Harddisk0\DR0 - ok 16:31:45.0512 0x15ec ================ Scan VBR ================================== 16:31:45.0512 0x15ec [ A24D36F1A310F562923C78325CFE7DAA ] \Device\Harddisk0\DR0\Partition1 16:31:45.0543 0x15ec \Device\Harddisk0\DR0\Partition1 - ok 16:31:45.0559 0x15ec [ EC0D479D10A798393AEFF1195ABEDEA9 ] \Device\Harddisk0\DR0\Partition2 16:31:45.0590 0x15ec \Device\Harddisk0\DR0\Partition2 - ok 16:31:45.0590 0x15ec ================ Scan generic autorun ====================== 16:31:45.0949 0x15ec [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 16:31:46.0276 0x15ec RtHDVCpl - ok 16:31:46.0276 0x15ec SynTPEnh - ok 16:31:46.0401 0x15ec [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 16:31:46.0432 0x15ec Acer ePower Management - ok 16:31:46.0479 0x15ec [ 9ECF375A6E4E74D056F4B54E76D58721, 29C89504C369CC40BC6BEDE965F52736CB01FA70644059392C912FFB35C4ED0A ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 16:31:46.0479 0x15ec IAStorIcon - ok 16:31:46.0526 0x15ec [ 94F80155B91B8DF7A0EAD527C853D377, 3E35B686DB526592F2ABF4B3E6EAACE1E784A5552C1CE074E85661388E66C153 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe 16:31:46.0526 0x15ec BackupManagerTray - ok 16:31:46.0604 0x15ec [ 08544009D6125F01198505EA4D8711A3, D84E61DC2E6F3B34CD895D8052376F767A3DA571BB0DB174ECB2D7A3BB0C0440 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 16:31:46.0604 0x15ec StartCCC - ok 16:31:46.0698 0x15ec [ 42CDFB2273EEC623B903C311B19FB484, D0FF021BF53FB6CB994D2455D9B5AE69EC2990216738424731D5EAFBA8EE8506 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe 16:31:46.0698 0x15ec AppleSyncNotifier - ok 16:31:46.0791 0x15ec [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 16:31:46.0807 0x15ec Adobe ARM - ok 16:31:46.0869 0x15ec [ 7DFCCC67990B6DE7F30F553A4E4612A4, 9FF98D6FD2539CEFC9F42103A7F72388BED6EE590400559B92BC7430228DA36A ] C:\Program Files (x86)\RocketDock\RocketDock.exe 16:31:46.0885 0x15ec RocketDock - ok 16:31:47.0025 0x15ec [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe 16:31:47.0041 0x15ec Google Update - ok 16:31:47.0228 0x15ec [ 08DFA176E4FC0E63ACD8EC854449D2B0, B8CA204C3F318CD9D12F61CDDA5C66184A48D6206F019AD11DB2605FDBEB288D ] C:\Users\Ghafar Rahim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe 16:31:47.0275 0x15ec Spotify Web Helper - ok 16:31:47.0275 0x15ec Waiting for KSN requests completion. In queue: 65 16:31:48.0289 0x15ec Waiting for KSN requests completion. In queue: 65 16:31:49.0303 0x15ec Waiting for KSN requests completion. In queue: 65 16:31:50.0332 0x15ec Win FW state via NFP2: disabled 16:31:53.0062 0x15ec ============================================================ 16:31:53.0062 0x15ec Scan finished 16:31:53.0062 0x15ec ============================================================ 16:31:53.0062 0x0c08 Detected object count: 0 16:31:53.0062 0x0c08 Actual detected object count: 0 |
|
02.07.2015, 06:28
| #6 |
| /// the machine /// TB-Ausbilder | Unbekanntes Problem mit meinem Acer Laptop So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Scan mit Combofix
__________________ --> Unbekanntes Problem mit meinem Acer Laptop |
|
02.07.2015, 10:19
| #7 |
| | Unbekanntes Problem mit meinem Acer LaptopCode:
ATTFilter ComboFix 15-06-30.01 - Ghafar Rahim 02.07.2015 10:37:15.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2551.1595 [GMT 2:00]
ausgeführt von:: c:\users\Ghafar Rahim\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-06-02 bis 2015-07-02 ))))))))))))))))))))))))))))))
.
.
2015-07-02 08:55 . 2015-07-02 08:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-07-02 08:55 . 2015-07-02 08:55 -------- d-----w- c:\users\Gast\AppData\Local\temp
2015-07-02 08:55 . 2015-07-02 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-01 11:29 . 2015-07-01 13:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-30 10:15 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE145B0-4137-4318-9404-009C040C8316}\mpengine.dll
2015-06-25 22:28 . 2015-06-25 22:28 -------- d-----w- c:\users\Ghafar Rahim\AppData\Local\Skype
2015-06-24 12:36 . 2015-06-24 12:38 -------- d-----w- C:\FRST
2015-06-24 09:27 . 2015-06-24 09:27 18174128 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-18 11:33 . 2015-06-01 19:16 814288 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-06-18 11:32 . 2015-05-25 18:19 728576 ----a-w- c:\windows\system32\kerberos.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 19:30 . 2012-08-28 17:00 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-01 19:30 . 2011-11-06 09:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-01 12:33 . 2014-11-11 13:18 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-01 12:33 . 2014-11-11 13:17 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-19 15:00 . 2013-07-05 11:38 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-18 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-19 11:11 . 2015-03-23 01:29 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-01 13:17 . 2015-05-13 09:12 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 09:12 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 05:31 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 05:31 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 05:30 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 05:32 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 05:32 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-13 05:31 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 05:30 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 05:30 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 05:30 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-05-28 09:31 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-05-28 09:31 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-05-28 09:31 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Spotify Web Helper"="c:\users\Ghafar Rahim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-17 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-06 186408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
.
c:\users\Ghafar Rahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mioplanet Battery Meter.lnk - c:\program files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.exe "c:\program files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.mio" "AUTOSTART" [2011-4-8 405511]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\Ip8n1qW.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 19:30]
.
2015-06-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
- c:\users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 21:31]
.
2015-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
- c:\users\Ghafar Rahim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 21:31]
.
2015-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 22:39]
.
2015-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 22:39]
.
2015-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
- c:\users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 11:44]
.
2015-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
- c:\users\Ghafar Rahim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 11:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.0.56:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.ftp - 192.168.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Lexmark 3500-4500 Series - c:\program files (x86) (x86)\Lexmark 3500-4500 Series\Install\x64\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-02 11:04:28
ComboFix-quarantined-files.txt 2015-07-02 09:04
ComboFix2.txt 2013-05-06 11:47
ComboFix3.txt 2013-05-06 11:11
.
Vor Suchlauf: 17 Verzeichnis(se), 139.870.564.352 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 139.553.656.832 Bytes frei
.
- - End Of File - - A23811E9944700B4B52FFF1A0BC5309C
der PC ist signifikant langsamer geworden, bzw. er reagiert sehr langsam. Hoffe das hilft irgendwie. Mit freundlichen Grüßen! |
|
02.07.2015, 17:05
| #8 |
| /// the machine /// TB-Ausbilder | Unbekanntes Problem mit meinem Acer Laptop Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.07.2015, 13:24
| #9 |
| | Unbekanntes Problem mit meinem Acer LaptopCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 03.07.2015 12:26, SYSTEM, GHAFARRAHIM-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2, Update, 03.07.2015 12:26, SYSTEM, GHAFARRAHIM-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:26, SYSTEM, GHAFARRAHIM-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:26, SYSTEM, GHAFARRAHIM-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.1.1, Update, 03.07.2015 12:27, SYSTEM, GHAFARRAHIM-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.3.1, Update, 03.07.2015 12:27, SYSTEM, GHAFARRAHIM-PC, Manual, program, 2.1.6.1022, 2.1.8.0, Error, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Update, Bad md5 or size: akadomains, 11, Error, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Update, Bad md5 or size: akaips, 11, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.1.2, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.1.1, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, AKA IP Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.6.12.1, Update, 03.07.2015 12:29, SYSTEM, GHAFARRAHIM-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.3.1, Update, 03.07.2015 12:30, SYSTEM, GHAFARRAHIM-PC, Manual, Malware Database, 2015.7.3.1, 2015.7.3.2, Scan, 03.07.2015 13:47, SYSTEM, GHAFARRAHIM-PC, Manual, Start: 03.07.2015 12:30, Dauer: 1 Std. 9 Min. 35 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 112 Nicht-Malware-Erkennungen, Error, 03.07.2015 13:49, SYSTEM, GHAFARRAHIM-PC, Protection, IsLicensed, 13, Protection, 03.07.2015 13:49, SYSTEM, GHAFARRAHIM-PC, Protection, Malware Protection, Stopping, Protection, 03.07.2015 13:49, SYSTEM, GHAFARRAHIM-PC, Protection, Malware Protection, Stopped, (end) Code:
ATTFilter # AdwCleaner v4.207 - Bericht erstellt 03/07/2015 um 13:55:59
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ghafar Rahim - GHAFARRAHIM-PC
# Gestarted von : C:\Users\Ghafar Rahim\Downloads\AdwCleaner_4.207.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\user.js
Ordner Gefunden : C:\Program Files (x86)\Common Files\Tobit
Ordner Gefunden : C:\Program Files (x86)\GreenTree Applications
Ordner Gefunden : C:\Users\Ghafar Rahim\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Ghafar Rahim\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Ghafar Rahim\AppData\Roaming\Tobit
***** [ Geplante Tasks ] *****
Task Gefunden : LaunchSignup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 192.168.0.56:8080
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.InstallationType", "ConduitIntegration");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"1282729563\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", "\"1282729563\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"634501322816130000\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=CT2319825", "\"1313478201\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2319825&octid=CT2319825", "\"1313478201\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif", "\"091b5fe2e30c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/pause.gif", "\"0d4e6ab4430c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play_mini.gif", "\"02fce414430c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634510680517330000\"");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ghafar Rahim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\1bmm9w0j.default\\conduitCommon\\modules\\3.6.0.10");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 23:27:02 GMT+0200");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.globalUserId", "b05c4eb1-3196-4815-aa1e-a08f621f6450");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 23:27:03 GMT+0200");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 23:27:02 GMT+0200");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[1bmm9w0j.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.userId", "2ad7e376-7b9c-4d64-a0ad-7ab72cb4c446");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
[1bmm9w0j.default] - Zeile Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
-\\ Google Chrome v
[C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
*************************
AdwCleaner[R0].txt - [11657 Bytes] - [03/07/2015 13:55:59]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11717 Bytes] ##########
Code:
ATTFilter # AdwCleaner v4.207 - Bericht erstellt 03/07/2015 um 13:59:33
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ghafar Rahim - GHAFARRAHIM-PC
# Gestarted von : C:\Users\Ghafar Rahim\Downloads\AdwCleaner_4.207.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Users\Ghafar Rahim\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Ghafar Rahim\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ghafar Rahim\AppData\Roaming\Tobit
Datei Gelöscht : C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : LaunchSignup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 192.168.0.56:8080
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.InstallationType", "ConduitIntegration");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"1282729563\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", "\"1282729563\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"634501322816130000\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=CT2319825", "\"1313478201\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2319825&octid=CT2319825", "\"1313478201\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif", "\"091b5fe2e30c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/pause.gif", "\"0d4e6ab4430c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play_mini.gif", "\"02fce414430c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634510680517330000\"");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ghafar Rahim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\1bmm9w0j.default\\conduitCommon\\modules\\3.6.0.10");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 23:27:02 GMT+0200");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.globalUserId", "b05c4eb1-3196-4815-aa1e-a08f621f6450");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 23:27:03 GMT+0200");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 23:27:02 GMT+0200");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userId", "2ad7e376-7b9c-4d64-a0ad-7ab72cb4c446");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
[1bmm9w0j.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
-\\ Google Chrome v
[C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
*************************
AdwCleaner[R0].txt - [11809 Bytes] - [03/07/2015 13:55:59]
AdwCleaner[S0].txt - [11916 Bytes] - [03/07/2015 13:59:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11976 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.7 (07.02.2015:2)
OS: Windows 7 Home Premium x64
Ran by Ghafar Rahim on 03.07.2015 at 14:07:41,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Users\Ghafar Rahim\appdata\local\crashrpt
~~~ FireFox
~~~ Chrome
[C:\Users\Ghafar Rahim\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Ghafar Rahim\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Ghafar Rahim\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Ghafar Rahim\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.07.2015 at 14:13:05,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Ghafar Rahim (administrator) on GHAFARRAHIM-PC on 03-07-2015 14:16:10
Running from C:\Users\Ghafar Rahim\Downloads
Loaded Profiles: Ghafar Rahim (Available Profiles: Ghafar Rahim & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\Ip8n1qW.bat [ ] () <=== ATTENTION
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Run: [Spotify Web Helper] => C:\Users\Ghafar Rahim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Ghafar Rahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mioplanet Battery Meter.lnk [2011-04-08]
ShortcutTarget: Mioplanet Battery Meter.lnk -> C:\Program Files (x86)\Mioplanet Battery Meter\Mioplanet Battery Meter.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghafar Rahim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-326697408-1932606760-2851138926-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-23] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-10-09] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-10-09] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5EDFF64D-2E34-4CCD-80FF-DC90C3AE2B30}: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{C7FC0871-BD1F-485C-A6F5-C000A9BD2C39}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "192.168.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "192.168.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "192.168.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "192.168.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "192.168.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "192.168.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "192.168.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "192.168.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-01-24] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ghafar Rahim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ghafar Rahim\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-326697408-1932606760-2851138926-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ghafar Rahim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-03-08] (Apple Inc.)
FF Extension: YouTube mp3 - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\info@youtube-mp3.org.xpi [2012-07-20]
FF Extension: Youtube To MP3 PRO converter - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2012-08-13]
FF Extension: YouTube to MP3 - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-07-20]
FF Extension: Adblock Plus - C:\Users\Ghafar Rahim\AppData\Roaming\Mozilla\Firefox\Profiles\1bmm9w0j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-24]
Chrome:
=======
CHR Profile: C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX HiQ) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-09-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-09-10]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\GHAFAR~1\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
StartMenuInternet: Google Chrome.WAKFTUGJO4SASLO4I5UDNVQHUQ - C:\Users\Ghafar Rahim\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2013-05-06] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2013-12-12] (QUALCOMM Incorporated)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-03 14:15 - 2015-07-03 14:15 - 00000000 ____D C:\Users\Ghafar Rahim\Downloads\FRST-OlderVersion
2015-07-03 14:13 - 2015-07-03 14:13 - 00001194 _____ C:\Users\Ghafar Rahim\Desktop\JRT.txt
2015-07-03 14:09 - 2015-07-03 14:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GHAFARRAHIM-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-03 14:07 - 2015-07-03 14:07 - 00000000 ____D C:\RegBackup
2015-07-03 14:06 - 2015-07-03 14:07 - 02951023 _____ (Malwarebytes Corporation) C:\Users\Ghafar Rahim\Downloads\JRT.exe
2015-07-03 14:02 - 2015-07-03 14:02 - 00012057 _____ C:\Users\Ghafar Rahim\Desktop\AdwCleaner[S0].txt
2015-07-03 13:59 - 2015-07-03 13:59 - 00011809 _____ C:\Users\Ghafar Rahim\Desktop\AdwCleaner[R0].txt
2015-07-03 13:55 - 2015-07-03 14:02 - 00000000 ____D C:\AdwCleaner
2015-07-03 13:53 - 2015-07-03 13:54 - 02244096 _____ C:\Users\Ghafar Rahim\Downloads\AdwCleaner_4.207.exe
2015-07-03 13:52 - 2015-07-03 13:52 - 00002118 _____ C:\Users\Ghafar Rahim\Desktop\mbam.txt
2015-07-03 12:46 - 2015-07-03 12:46 - 00000093 _____ C:\Windows\wininit.ini
2015-07-03 12:38 - 2015-07-03 12:38 - 00006170 _____ C:\Users\Ghafar Rahim\Desktop\Praktikumsbestätigung.odt
2015-07-03 12:38 - 2015-07-03 12:38 - 00000162 ____H C:\Users\Ghafar Rahim\Desktop\~$aktikumsbestätigung.odt
2015-07-03 12:38 - 2015-07-03 12:38 - 00000000 ____H C:\Users\Ghafar Rahim\Desktop\~WRL1787.tmp
2015-07-03 12:25 - 2015-07-03 12:28 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-03 12:24 - 2015-07-03 12:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ghafar Rahim\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-03 00:09 - 2015-07-03 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 11:06 - 2015-07-02 11:06 - 00000000 _____ C:\Windows\system32\떀È
2015-07-02 11:04 - 2015-07-02 11:04 - 00025285 _____ C:\ComboFix.txt
2015-07-02 10:27 - 2015-07-02 11:04 - 00000000 ____D C:\ComboFix
2015-07-02 10:24 - 2015-07-02 10:25 - 05631262 ____R (Swearware) C:\Users\Ghafar Rahim\Desktop\ComboFix.exe
2015-07-01 21:10 - 2015-07-01 21:10 - 00150872 _____ C:\Users\Ghafar Rahim\Downloads\WhatsApp Chat with Valeria Berger.txt
2015-07-01 20:53 - 2015-07-01 20:54 - 00453704 _____ C:\Users\Ghafar Rahim\Downloads\WhatsApp Chat Valeria Berger.txt
2015-07-01 15:34 - 2015-07-01 15:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ghafar Rahim\Downloads\tdsskiller.exe
2015-07-01 13:29 - 2015-07-01 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-01 13:28 - 2015-07-01 16:26 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\mbar
2015-07-01 13:27 - 2015-07-01 13:27 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Ghafar Rahim\Downloads\mbar-1.09.1.1004.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Local\Skype
2015-06-24 14:38 - 2015-06-24 14:38 - 00052138 _____ C:\Users\Ghafar Rahim\Downloads\Addition.txt
2015-06-24 14:36 - 2015-07-03 14:16 - 00020348 _____ C:\Users\Ghafar Rahim\Downloads\FRST.txt
2015-06-24 14:36 - 2015-07-03 14:16 - 00000000 ____D C:\FRST
2015-06-24 14:36 - 2015-07-03 14:15 - 02112512 _____ (Farbar) C:\Users\Ghafar Rahim\Downloads\FRST64.exe
2015-06-24 11:27 - 2015-06-24 11:27 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-18 13:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-18 13:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-18 13:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-18 13:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-18 13:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-18 13:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-18 13:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-18 13:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-18 13:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-18 13:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-18 13:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-18 13:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-18 13:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-18 13:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-18 13:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-18 13:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-18 13:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-18 13:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-18 13:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-18 13:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-18 13:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-18 13:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-18 13:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-18 13:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-18 13:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-18 13:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-18 13:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-18 13:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-18 13:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-18 13:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-18 13:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-18 13:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-18 13:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-18 13:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-18 13:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-18 13:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-18 13:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-18 13:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-18 13:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-18 13:33 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-18 13:33 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-18 13:33 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-18 13:33 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-18 13:33 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-18 13:33 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-18 13:33 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-18 13:33 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-18 13:33 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-18 13:33 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-18 13:33 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-18 13:33 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-18 13:33 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-18 13:33 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-18 13:33 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-18 13:33 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-18 13:33 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-18 13:33 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-18 13:33 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-18 13:33 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-18 13:33 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-18 13:33 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-18 13:33 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-18 13:33 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-18 13:33 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-18 13:33 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-18 13:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-18 13:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-18 13:33 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-18 13:33 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-18 13:33 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-18 13:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-18 13:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-18 13:33 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-18 13:33 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-18 13:33 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-18 13:32 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-18 13:32 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-18 13:32 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-18 13:32 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-18 13:32 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-18 13:32 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-18 13:32 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-18 13:32 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-18 13:32 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-18 13:32 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-18 13:32 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-18 13:32 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-18 13:32 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-18 13:32 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-18 13:32 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-18 13:32 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-18 13:32 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-18 13:32 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-18 13:32 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-18 13:32 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-18 13:32 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-18 13:32 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-18 13:32 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-04 03:49 - 2015-07-03 14:00 - 00047832 _____ C:\Windows\PFRO.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-03 14:09 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 14:09 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 14:01 - 2015-05-21 08:14 - 00010740 _____ C:\Windows\setupact.log
2015-07-03 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-03 14:00 - 2013-05-06 12:45 - 01107653 _____ C:\Windows\WindowsUpdate.log
2015-07-03 13:57 - 2012-09-09 23:59 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
2015-07-03 13:51 - 2014-11-11 15:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 13:48 - 2012-06-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:27 - 2012-08-28 19:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-03 13:24 - 2012-05-26 00:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-03 13:00 - 2012-09-09 23:59 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
2015-07-03 12:28 - 2014-11-11 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-03 12:28 - 2014-11-11 15:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-03 12:22 - 2011-10-03 22:24 - 00001166 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001UA.job
2015-07-02 23:36 - 2011-10-03 22:24 - 00001144 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-326697408-1932606760-2851138926-1001Core.job
2015-07-02 11:04 - 2013-05-06 12:38 - 00000000 ____D C:\Qoobox
2015-07-02 10:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 21:30 - 2012-08-28 19:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-01 21:30 - 2012-08-28 19:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-01 21:30 - 2011-11-06 11:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-01 21:29 - 2011-02-21 21:49 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Local\Adobe
2015-07-01 13:08 - 2014-10-12 14:05 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\Mama geburtstag
2015-07-01 13:08 - 2014-08-17 15:51 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\papa
2015-07-01 12:00 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-30 12:07 - 2014-06-26 12:42 - 00000000 ____D C:\Users\Ghafar Rahim\Desktop\Muke FFm
2015-06-26 00:39 - 2011-05-24 18:17 - 00000000 ____D C:\Users\Ghafar Rahim\AppData\Roaming\Skype
2015-06-24 10:10 - 2011-03-07 12:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 10:06 - 2015-03-23 03:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 17:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-20 12:15 - 2010-11-17 20:35 - 00710768 _____ C:\Windows\system32\perfh007.dat
2015-06-20 12:15 - 2010-11-17 20:35 - 00155066 _____ C:\Windows\system32\perfc007.dat
2015-06-20 12:15 - 2009-07-14 07:13 - 01651648 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 17:51 - 2009-07-14 06:45 - 00465824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-19 17:49 - 2014-12-12 13:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-19 17:49 - 2014-05-06 11:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-19 17:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-19 17:07 - 2013-08-14 14:11 - 00000000 ____D C:\Windows\system32\MRT
2015-06-19 17:00 - 2013-07-05 13:38 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-19 16:58 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-06-18 08:41 - 2014-11-11 15:17 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-11-11 15:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-01-31 23:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2013-07-14 17:39 - 2013-07-14 17:39 - 0000004 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\cache.ini
2013-06-26 01:02 - 2013-06-26 01:02 - 0000101 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\mbam.context.scan
2013-05-06 11:34 - 2013-05-06 11:36 - 0007168 ___SH () C:\Users\Ghafar Rahim\AppData\Roaming\Thumbs.db
2011-10-12 21:53 - 2011-10-12 21:53 - 0030236 _____ () C:\Users\Ghafar Rahim\AppData\Roaming\UserTile.png
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Ghafar Rahim\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Ghafar Rahim\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Ghafar Rahim\AppData\Local\CDRip.dll
2013-05-13 00:09 - 2013-05-13 00:09 - 0000100 _____ () C:\Users\Ghafar Rahim\AppData\Local\fusioncache.dat
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Ghafar Rahim\AppData\Local\No23 Recorder.exe
2011-12-11 23:31 - 2012-07-24 17:46 - 0001474 _____ () C:\Users\Ghafar Rahim\AppData\Local\RecConfig.xml
2013-01-25 01:42 - 2013-01-25 01:42 - 0003269 _____ () C:\ProgramData\Ip8n1qW.js
2013-01-25 01:42 - 2013-01-25 01:42 - 0000153 _____ () C:\ProgramData\Ip8n1qW.reg
2013-01-28 19:43 - 2013-01-28 19:43 - 0000082 _____ () C:\ProgramData\RgrcJvf.bat
2013-01-28 19:43 - 2013-01-28 19:43 - 0003270 _____ () C:\ProgramData\RgrcJvf.js
2013-01-28 19:43 - 2013-01-28 19:43 - 0000153 _____ () C:\ProgramData\RgrcJvf.reg
Files to move or delete:
====================
C:\ProgramData\Ip8n1qW.js
C:\ProgramData\Ip8n1qW.reg
C:\ProgramData\RgrcJvf.bat
C:\ProgramData\RgrcJvf.js
C:\ProgramData\RgrcJvf.reg
C:\Users\Ghafar Rahim\AppData\Roaming\cache.ini
Some files in TEMP:
====================
C:\Users\Ghafar Rahim\AppData\Local\Temp\Quarantine.exe
C:\Users\Ghafar Rahim\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-03 00:35
==================== End of log ============================
|
|
04.07.2015, 14:51
| #10 |
| /// the machine /// TB-Ausbilder | Unbekanntes Problem mit meinem Acer LaptopESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Unbekanntes Problem mit meinem Acer Laptop |
| acer, acer laptop, ahnung, beseitigen, bestimmte, dauert, einiger, hilfe, icons, keine ahnung, langsamer, laptop, leute, merke, problem, sekunden, unbekanntes, würde, öffnen |
Linear-Darstellung
