Win 7 SP1 64-bit: Verdächtige Prozesse und deaktiviertes Windows Update

renet · 18.06.2015, 19:35

Guten Tag zusammen,

der DELL Laptop (Windows 7 SP1) meiner Freundin ist leider offenbar von Viren befallen. Ich habe einen Beitrag hier im Forum gefunden, der sehr ähnliche Symptome beschrieb: http://www.trojaner-board.de/165630-...ktivitaet.html

Auch bei ihr sind die cmd.exe, conhost.exe und msiexec.exe verdächtig häufig und mit auffallend hohem Speicherverbrauch am Werk. Aufgefallen war ihr das selbst heute im Laufe des Tages. Im Taskmanager lassen sich die Prozesse nicht beenden.

Auch lassen sich keine Windows Updates mehr installieren. Klicke ich in den Windows Updates auf "Nach Updates suchen", bekomme ich die Fehlermeldung: "Windows Update kann nicht nach Updates suchen, da der Dienst nicht ausgeführt wird." Die Dienste "bits" und "wuauserv", die auf der Hilfeseite von Microsoft aufgeführt werden, sind auch nicht (mehr) installiert und auch das FixIt hat keine Probleme feststellen (und damit auch nicht beseitigen) können. Auch lies sich der Windows Update Service nicht erneut installieren.

Ich habe HijackThis installiert (weil ich das schon kannte) und einen Scan durchlaufen lassen. Es wurden aber keine verdächtigen Prozesse gefunden. Verdächtig finde ich aber, dass die besagten Prozesse (conhost.exe, etc.) nicht im Log von HijackThis zu finden sind.

GMER hat den Rechner beim 1. Scan zum Absturz/Neustart gebracht. Beim zweiten Versuch hat's aber geklappt.

Vielen Dank schon einmal für Eure Hilfe!

LG
René

HijackThis:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:12:57, on 17.06.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Sophie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files\360\360 Internet Security\safemon\360tray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Users\Sophie\Desktop\HijackThis.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S14C9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sophie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:     
O23 - Service: 360 Internet Security Real-time Protection Loading Service (360rp) - Qihu 360 Software Co., Ltd. - C:\Program Files\360\360 Internet Security\360rps.exe
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Proactive Defence (ZhuDongFangYu) - Qihu 360 Software Co., Ltd. - C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe

--
End of file - 15151 bytes

FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sophie (administrator) on SOPHIE-PC on 17-06-2015 23:38:39
Running from C:\Users\Sophie\Desktop
Loaded Profiles: Sophie (Available Profiles: Sophie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-11] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\...\MountPoints2: {21bdc23b-0a41-11e2-a245-08edb945fa66} - E:\setup.exe -a
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\...\MountPoints2: {c00cfa1e-9173-11e1-9153-806e6f6e6963} - D:\curse.exe
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}\n. ATTENTION! ====> ZeroAccess/Alureon?

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
URLSearchHook: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> {4108A944-B095-421A-ADBE-CBD71A773B08} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6508781412674028&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> {FE6EED70-6491-4692-B0FE-F1E818AB580C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.yandex.ru/?clid=1923017
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6508781412674028&o=APN10645&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\searchplugins\Search_Results.xml [2013-02-17]
FF SearchPlugin: C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\searchplugins\yqs-barff-yandex.xml [2012-11-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013-02-17]
FF Extension: Visual Bookmarks - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\vb@yandex.ru [2013-02-17]
FF Extension: &Yandex Elements& - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\yasearch@yandex.ru [2013-02-17]
FF Extension: Search-Results Toolbar - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013-02-17]
FF Extension: No Name - C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Google Drive Client Native Proxy) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknebiagdodnminbdpflhpkgfpeijdbf [2014-08-09]
CHR Extension: (Google Wallet) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sophie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-24]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nknebiagdodnminbdpflhpkgfpeijdbf] - C:\Users\Sophie\AppData\Local\Google\Drive\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-05] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S4 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-07-22] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 23:38 - 2015-06-17 23:39 - 00020363 _____ C:\Users\Sophie\Desktop\FRST.txt
2015-06-17 23:38 - 2015-06-17 23:38 - 00000000 ____D C:\FRST
2015-06-17 23:33 - 2015-06-17 23:33 - 00000000 ___RD C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-17 23:30 - 2015-06-17 23:30 - 00000584 _____ C:\Users\Sophie\Desktop\defogger_disable.log
2015-06-17 23:30 - 2015-06-17 23:30 - 00000020 _____ C:\Users\Sophie\defogger_reenable
2015-06-17 23:28 - 2015-06-17 23:28 - 00380416 _____ C:\Users\Sophie\Desktop\pybic4e9.exe
2015-06-17 23:27 - 2015-06-17 23:27 - 02109952 _____ (Farbar) C:\Users\Sophie\Desktop\FRST64.exe
2015-06-17 23:26 - 2015-06-17 23:26 - 00050477 _____ C:\Users\Sophie\Desktop\Defogger.exe
2015-06-17 23:20 - 2015-06-17 23:20 - 00001519 _____ C:\Users\Sophie\Desktop\forum_beitrag.txt
2015-06-17 23:16 - 2015-06-17 23:16 - 00010333 _____ C:\Users\Sophie\Desktop\hijackthis_abgesichert.log
2015-06-17 21:29 - 2015-06-17 21:29 - 09723600 _____ (Microsoft Corporation) C:\Users\Sophie\Desktop\WindowsUpdateAgent-7.6-x86.exe
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieUserList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieSiteList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieBrowserModeList
2015-06-17 21:03 - 2015-06-17 21:03 - 00003416 ____N C:\bootsqm.dat
2015-06-17 20:59 - 2015-06-17 20:59 - 00000000 __SHD C:\found.000
2015-06-17 20:41 - 2015-06-17 20:41 - 00000000 ____D C:\Windows\pss
2015-06-17 19:57 - 2015-06-17 20:12 - 00015153 _____ C:\Users\Sophie\Desktop\hijackthis_normal.log
2015-06-17 19:54 - 2015-06-17 19:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sophie\Desktop\HijackThis.exe
2015-06-16 19:28 - 2015-06-16 19:29 - 00000000 ___HD C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}
2015-05-18 12:27 - 2015-05-18 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series
2015-05-18 11:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-05-18 11:28 - 2015-05-18 11:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-18 11:28 - 2015-05-18 11:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 11:27 - 2015-05-18 11:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 11:27 - 2015-05-18 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 11:27 - 2015-05-18 11:27 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 11:27 - 2015-05-18 11:27 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-18 11:27 - 2015-05-18 11:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-18 11:27 - 2015-05-18 11:27 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 11:27 - 2015-05-18 11:27 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 11:27 - 2015-05-18 11:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-18 11:27 - 2015-05-18 11:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-18 11:27 - 2015-05-18 11:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-18 11:27 - 2015-05-18 11:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-18 11:27 - 2015-05-18 11:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-18 11:25 - 2015-05-18 11:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-18 11:25 - 2015-05-18 11:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-18 11:24 - 2015-05-18 11:24 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-18 11:24 - 2015-05-18 11:24 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-05-18 11:24 - 2015-05-18 11:24 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-05-18 11:24 - 2015-05-18 11:24 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-05-18 11:24 - 2015-05-18 11:24 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-18 11:24 - 2015-05-18 11:24 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-05-18 11:24 - 2015-05-18 11:24 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-05-18 11:21 - 2015-05-18 11:21 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-18 11:21 - 2015-05-18 11:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-18 11:18 - 2015-05-18 11:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-05-18 11:18 - 2015-05-18 11:18 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-05-18 11:15 - 2015-05-18 11:51 - 00014177 _____ C:\Windows\IE11_main.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 23:37 - 2010-11-21 08:50 - 22216378 _____ C:\Windows\system32\perfh007.dat
2015-06-17 23:37 - 2010-11-21 08:50 - 07156834 _____ C:\Windows\system32\perfc007.dat
2015-06-17 23:37 - 2009-07-14 07:13 - 00006078 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 23:33 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-17 23:33 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-17 23:33 - 2012-04-29 06:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-17 23:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 23:32 - 2009-07-14 06:51 - 00092131 _____ C:\Windows\setupact.log
2015-06-17 23:31 - 2010-11-21 05:47 - 00554978 _____ C:\Windows\PFRO.log
2015-06-17 23:30 - 2012-05-04 19:41 - 00000000 ____D C:\Users\Sophie
2015-06-17 23:30 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 23:30 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 23:28 - 2014-08-09 17:55 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\360safe
2015-06-17 23:10 - 2012-04-28 22:53 - 01369886 _____ C:\Windows\WindowsUpdate.log
2015-06-17 22:26 - 2012-05-05 16:10 - 00000000 ____D C:\Users\Sophie\AppData\Local\CrashDumps
2015-06-17 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 21:18 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Sophie\Documents\Bluetooth Folder
2015-06-17 20:44 - 2012-04-29 06:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 20:10 - 2012-05-07 18:08 - 00000000 ____D C:\Users\Sophie\AppData\Local\Nero
2015-06-17 19:52 - 2015-05-06 21:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 19:50 - 2013-04-30 04:07 - 00000000 ___RD C:\Users\Sophie\Google Drive
2015-06-17 19:50 - 2012-05-23 17:17 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Skype
2015-06-17 11:56 - 2012-05-04 19:49 - 00001371 _____ C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-17 10:42 - 2014-04-28 19:49 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Spotify
2015-06-17 09:45 - 2014-04-28 19:51 - 00000000 ____D C:\Users\Sophie\AppData\Local\Spotify
2015-06-16 20:47 - 2015-04-01 13:54 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-16 19:28 - 2014-11-07 19:56 - 00000000 __SHD C:\360Rec
2015-06-15 12:50 - 2014-09-20 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-14 11:44 - 2013-04-30 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 11:08 - 2012-07-29 13:30 - 00012702 _____ C:\Users\Sophie\Documents\NewDatabase_Keypass.kdbx
2015-06-10 11:44 - 2012-04-29 06:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 11:44 - 2012-04-29 06:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 11:44 - 2012-04-29 06:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 21:22 - 2015-05-06 11:18 - 00000000 ____D C:\Users\Sophie\Documents\Bafög
2015-05-19 09:49 - 2015-05-06 08:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 21:45 - 2013-04-30 04:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 21:45 - 2013-04-30 04:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 21:45 - 2013-04-30 04:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 21:45 - 2013-04-30 04:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2012-08-20 15:06 - 2012-08-21 18:22 - 0000000 ____H () C:\Users\Sophie\AppData\Roaming\windrvconfig.txt
2013-05-13 22:49 - 2013-05-13 22:49 - 0000084 _____ () C:\Users\Sophie\AppData\Local\DVDPATH.TXT
2012-05-13 07:53 - 2012-05-13 07:53 - 0000000 _____ () C:\Users\Sophie\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}
C:\Windows\Installer\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}\L\00000004.@

ZeroAccess:
C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}

Files to move or delete:
====================
C:\Users\Sophie\ChromeSetup.exe
C:\Users\Sophie\FirefoxSetup.exe
C:\Users\Sophie\Opera_1202_int_Setup.exe
C:\Users\Sophie\SkypeSetup.exe


Some files in TEMP:
====================
C:\Users\Sophie\AppData\Local\Temp\AutoRun.exe
C:\Users\Sophie\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Sophie\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Sophie\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Sophie\AppData\Local\Temp\eauninstall.exe
C:\Users\Sophie\AppData\Local\Temp\First15.exe
C:\Users\Sophie\AppData\Local\Temp\FreemakeVideoDownloader_3.5.0.3.exe
C:\Users\Sophie\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Sophie\AppData\Local\Temp\installhelper.dll
C:\Users\Sophie\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Sophie\AppData\Local\Temp\propsys.dll
C:\Users\Sophie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sophie\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Sophie\AppData\Local\Temp\tbWinl.dll
C:\Users\Sophie\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Sophie\AppData\Local\Temp\VP6Install.exe
C:\Users\Sophie\AppData\Local\Temp\VP6VFW.dll
C:\Users\Sophie\AppData\Local\Temp\wzvbpyr6.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 20:13

==================== End of log ============================

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sophie at 2015-06-17 23:40:33
Running from C:\Users\Sophie\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3075084587-570557683-2351437684-500 - Administrator - Disabled)
Gast (S-1-5-21-3075084587-570557683-2351437684-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3075084587-570557683-2351437684-1002 - Limited - Enabled)
Sophie (S-1-5-21-3075084587-570557683-2351437684-1000 - Administrator - Enabled) => C:\Users\Sophie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FotoWorks XL 2013 (HKLM-x32\...\FotoWorks XL 2013_is1) (Version: Aktuelle Version - IN MEDIA KG)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MD Adressbuch 2012 (HKLM-x32\...\MD Adressbuch 2012_is1) (Version:  - Stefan Göppert Softwareentwicklung)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3075084587-570557683-2351437684-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version:  - LucasArts)
MotoConnect (HKLM-x32\...\{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}) (Version: 1.1.21 - Motorola)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-3075084587-570557683-2351437684-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}\n. No File
CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{6C952F8F-E5A0-497C-8C33-1200CA9D4F08}\InprocServer32 -> C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}\mmsys.dll ()
CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

10-01-2015 16:58:50 Geplanter Prüfpunkt
10-05-2015 22:11:30 DirectX wurde installiert
18-05-2015 11:17:07 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024CBB05-9A9D-4D6F-9401-0EE4EC155101} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {24E93578-2183-4EA5-ADEF-961E26129646} - System32\Tasks\{EC32F93E-1D0D-45D3-AE73-859528A77F24} => D:\INSTALL\SETUP.EXE [1997-03-04] (InstallShield Corporation, Inc.)
Task: {3783029C-95B7-4D9A-ADCC-A4E7CE5631F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {7B5C19D6-893B-4904-85BE-FE2442FC3E60} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8161D845-CB53-4B26-98C4-896962172FBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {8C3B1EE2-EB1E-4400-A51C-F7F11EB17B66} - System32\Tasks\{C816FFCC-04B6-4452-9AB2-D96D3AC7EBA4} => D:\INSTALL\SETUP.EXE [1997-03-04] (InstallShield Corporation, Inc.)
Task: {ABCB468A-D1EA-4D7F-8971-E5E8516936CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BF11911A-0C0F-4ABC-802E-EA3AAA808F75} - System32\Tasks\{F6987D77-82FF-41CB-BC99-0766D4208D8E} => pcalua.exe -a "C:\Users\Sophie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU5T0Y\epson325182eu (1).exe" -d C:\Users\Sophie\Desktop
Task: {C3044A16-7D69-449A-832D-14AE084BC8D7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C8D78C96-1D39-47FF-865E-E4219339A55D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FA73952A-0ECB-4A1E-9B62-E1741E86980D} - System32\Tasks\{0FD8DE56-6D91-4BEB-81C4-6ED19E3313E6} => D:\INSTALL\SETUP.EXE [1997-03-04] (InstallShield Corporation, Inc.)
Task: {FAE20E52-E3EA-4396-B39F-2823883D6BD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-29 06:55 - 2012-01-27 04:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-04-29 07:15 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-28 02:26 - 2011-06-28 02:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 15:52 - 2011-06-29 15:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-03-17 03:28 - 2010-03-17 03:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 22:52 - 2010-03-22 22:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 03:28 - 2010-03-17 03:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 03:28 - 2010-03-17 03:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 06:20 - 2011-06-25 06:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 02:25 - 2011-06-28 02:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 06:32 - 2011-06-25 06:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-12 02:52 - 2010-03-12 02:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 22:07 - 2010-03-05 22:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 22:07 - 2010-03-05 22:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 02:52 - 2010-03-12 02:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MotoConnect Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^Users^Sophie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sophie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EPSON Stylus D92 Series (Kopie 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S14C9.tmp" /EF "HKCU"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Sophie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 11:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (06/17/2015 11:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/17/2015 11:37:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/17/2015 11:33:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/17/2015 11:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:24:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc599
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000025359
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xctfmon.exe0
Pfad der fehlerhaften Anwendung: ctfmon.exe1
Pfad des fehlerhaften Moduls: ctfmon.exe2
Berichtskennung: ctfmon.exe3

Error: (06/17/2015 09:33:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/17/2015 11:34:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (06/17/2015 11:34:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (06/17/2015 11:32:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (06/17/2015 11:32:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (06/17/2015 11:31:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve

Error: (06/17/2015 11:23:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (06/17/2015 11:23:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (06/17/2015 11:22:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (06/17/2015 11:22:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.

Error: (06/17/2015 11:22:19 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office:
=========================
Error: (06/17/2015 11:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/17/2015 11:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (06/17/2015 11:37:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (06/17/2015 11:33:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (06/17/2015 11:27:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (06/17/2015 11:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:24:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ctfmon.exe6.1.7600.163854a5bc599ntdll.dll6.1.7601.18247521eaf24c00000050000000000025359c9801d0a93a531b6d28C:\Windows\system32\ctfmon.exeC:\Windows\SYSTEM32\ntdll.dlle4c42dc9-152e-11e5-9468-848f69d1bfc1

Error: (06/17/2015 09:33:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 3990.17 MB
Available physical RAM: 2327.15 MB
Total Pagefile: 7978.52 MB
Available Pagefile: 6058.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:348.03 GB) NTFS
Drive d: (MONKEY3_1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of log ============================

GMER:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-18 09:15:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB
Running: pybic4e9.exe; Driver: C:\Users\Sophie\AppData\Local\Temp\pwdiqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                    fffff800033f6000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                    fffff800033f602f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [120:4476]                                                            000007fef83544e0
Thread    C:\Windows\System32\svchost.exe [120:5096]                                                            000007fef836d710
Thread    C:\Windows\system32\svchost.exe [544:1568]                                                            000007fefa581e00
Thread    C:\Windows\system32\svchost.exe [544:1572]                                                            000007fefa4d1a50
Thread    C:\Windows\system32\svchost.exe [544:1700]                                                            000007fefd3f1a70
Thread    C:\Windows\system32\svchost.exe [544:2156]                                                            000007fefd3f1a70
Thread    C:\Windows\system32\svchost.exe [544:3952]                                                            000007fef3c8506c
Thread    C:\Windows\system32\svchost.exe [544:3956]                                                            000007fef7981c20
Thread    C:\Windows\system32\svchost.exe [544:3968]                                                            000007fef7981c20
Thread    C:\Windows\system32\svchost.exe [544:4564]                                                            000007fefb574164
Thread    C:\Windows\system32\svchost.exe [544:348]                                                             000007fef7c71ab0
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1228]                                                             00000000004145ec
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1348]                                                             00000000004103c1
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1352]                                                             0000000000411dda
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1420]                                                             00000000011b0510
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1428]                                                             0000000073b4bd7f
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1432]                                                             0000000073b4267f
Thread    C:\Windows\SysWOW64\ntdll.dll [1224:1436]                                                             0000000073b45be1
Thread    C:\Windows\System32\spoolsv.exe [1600:1784]                                                           000007fefa0410c8
Thread    C:\Windows\System32\spoolsv.exe [1600:1792]                                                           000007fefa006144
Thread    C:\Windows\System32\spoolsv.exe [1600:1816]                                                           000007fef9df5fd0
Thread    C:\Windows\System32\spoolsv.exe [1600:1820]                                                           000007fef9de3438
Thread    C:\Windows\System32\spoolsv.exe [1600:1824]                                                           000007fef9df63ec
Thread    C:\Windows\System32\spoolsv.exe [1600:1832]                                                           000007fefa135e5c
Thread    C:\Windows\System32\spoolsv.exe [1600:1072]                                                           0000000001b0c200
Thread     [1900:1920]                                                                                          00000000738e1dbc
Thread     [1900:1924]                                                                                          00000000738e1dbc
Thread     [1900:1928]                                                                                          00000000738e1dbc
Thread     [1900:888]                                                                                           000007fef9868330
Thread     [1900:2372]                                                                                          0000000077c3aef0
Thread     [1900:3368]                                                                                          000007fef9868330
Thread     [1900:1496]                                                                                          000007fef9868330
Thread     [1900:4644]                                                                                          000007fef9868330
Thread     [1900:4996]                                                                                          0000000077c3fbf0
Thread    C:\Windows\SysWOW64\ntdll.dll [1932:1936]                                                             0000000000410ba5
Thread    C:\Windows\SysWOW64\ntdll.dll [1932:1956]                                                             0000000000403740
Thread    C:\Windows\SysWOW64\ntdll.dll [1932:1960]                                                             0000000000403a10
Thread    C:\Windows\SysWOW64\ntdll.dll [1932:1976]                                                             00000000725a52c9
Thread    C:\Windows\SysWOW64\ntdll.dll [1916:1992]                                                             00000000001d47ae
Thread    C:\Windows\Explorer.EXE [2504:2640]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:2620]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:2644]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:2656]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:2624]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:4668]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:4672]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:4656]                                                                   000000000283e5a0
Thread    C:\Windows\Explorer.EXE [2504:4652]                                                                   000000000283e5a0
Thread    C:\Windows\SysWOW64\ntdll.dll [2704:2708]                                                             0000000000f1e7fe
Thread    C:\Windows\SysWOW64\ntdll.dll [2704:2164]                                                             00000000717332fb
Thread    C:\Windows\SysWOW64\ntdll.dll [2704:2632]                                                             000000006d16b684
Thread    C:\Windows\SysWOW64\ntdll.dll [2752:2756]                                                             0000000001454486
Thread    C:\Windows\SysWOW64\ntdll.dll [2352:2348]                                                             00000000000d52bb
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3168]                                                             0000000000e78596
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3204]                                                             0000000000e739c0
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3208]                                                             0000000000e74070
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3212]                                                             0000000000e740b0
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3216]                                                             0000000000e740d0
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3220]                                                             0000000000e713a0
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3372]                                                             0000000000e71cc0
Thread    C:\Windows\SysWOW64\ntdll.dll [3164:3376]                                                             0000000000e713a0
Thread    C:\Windows\SysWOW64\ntdll.dll [3464:3468]                                                             0000000000411d60
Thread    C:\Windows\SysWOW64\ntdll.dll [3464:3640]                                                             0000000000411858
Thread    C:\Windows\SysWOW64\ntdll.dll [1384:1296]                                                             000000000042e998
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4916]                                                              00000000005b3fd8
Thread    C:\Windows\SysWOW64\ntdll.dll [516:3612]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:3604]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:3500]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:2308]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4756]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4160]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4020]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4140]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4008]                                                              00000000005b56ad
Thread    C:\Windows\SysWOW64\ntdll.dll [516:4016]                                                              00000000005b56ad

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb945fa66                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb945fa66 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  

---- EOF - GMER 2.1 ----

schrauber · 18.06.2015, 19:44

Hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

renet · 27.06.2015, 20:36

Hallo, sorry für die späte Antwort. Wir waren im Urlaub und danach krank. Ich habe mbar.exe 2x ausgeführt. Beim ersten Mal mit Funden, die ich bereinigen ließ. Beim zweiten Mal wurde nichts weiter gefunden.

Anschließend führte ich TDSSKiller.exe aus, welches jedoch keine Funde hervorbrachte.

Hier die Log-Dateien.

mbar.exe mit Funden:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.18.05
  rootkit: v2015.06.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Sophie :: SOPHIE-PC [administrator]

18.06.2015 22:47:38
mbar-log-2015-06-18 (22-47-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 408146
Time elapsed: 1 hour(s), 24 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\CLASSES\CLSID\{6C952F8F-E5A0-497C-8C33-1200CA9D4F08} (Trojan.UKLED.ED) -> Delete on reboot. [aa83caf2b4d653e3c079d999e81aad53]
HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{6C952F8F-E5A0-497C-8C33-1200CA9D4F08} (Trojan.UKLED.ED) -> Delete on reboot. [aa83caf2b4d653e3c079d999e81aad53]
HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot. [b578ae0e602ab18579c0928c09fc3fc1]
HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot. [b578ae0e602ab18579c0928c09fc3fc1]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot. [b578ae0e602ab18579c0928c09fc3fc1]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot. [b578ae0e602ab18579c0928c09fc3fc1]

Registry Values Detected: 1
HKU\S-1-5-21-3075084587-570557683-2351437684-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}\n. -> Delete on reboot. [b578ae0e602ab18579c0928c09fc3fc1]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}\mmsys.dll (Trojan.UKLED.ED) -> Delete on reboot. [aa83caf2b4d653e3c079d999e81aad53]
C:\Users\Sophie\AppData\Local\Temp\Low\rad3091E.tmp.exe (Trojan.Dorkbot.ED) -> Delete on reboot. [8ba2229a1872d066a2a4b8bde71a5da3]
C:\Users\Sophie\AppData\Local\Temp\Low\radD1A28.tmp.exe (Trojan.VBKrypt) -> Delete on reboot. [2a0303b97317e94d552e5fcc5ba540c0]
C:\Windows\Installer\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot. [59d47547424875c17a0fc937867a05fb]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

mbar.exe ohne Funde:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.27.03
  rootkit: v2015.06.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Sophie :: SOPHIE-PC [administrator]

27.06.2015 19:51:14
mbar-log-2015-06-27 (19-51-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 408739
Time elapsed: 1 hour(s), 10 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

TDSSKiller.exe:

Code:

ATTFilter

21:26:56.0707 0x1478  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:27:03.0698 0x1478  ============================================================
21:27:03.0714 0x1478  Current date / time: 2015/06/27 21:27:03.0698
21:27:03.0714 0x1478  SystemInfo:
21:27:03.0714 0x1478  
21:27:03.0714 0x1478  OS Version: 6.1.7601 ServicePack: 1.0
21:27:03.0714 0x1478  Product type: Workstation
21:27:03.0714 0x1478  ComputerName: SOPHIE-PC
21:27:03.0714 0x1478  UserName: Sophie
21:27:03.0714 0x1478  Windows directory: C:\Windows
21:27:03.0714 0x1478  System windows directory: C:\Windows
21:27:03.0714 0x1478  Running under WOW64
21:27:03.0714 0x1478  Processor architecture: Intel x64
21:27:03.0714 0x1478  Number of processors: 4
21:27:03.0714 0x1478  Page size: 0x1000
21:27:03.0714 0x1478  Boot type: Normal boot
21:27:03.0714 0x1478  ============================================================
21:27:04.0522 0x1478  KLMD registered as C:\Windows\system32\drivers\03708703.sys
21:27:04.0797 0x1478  System UUID: {9D9D69F7-0A61-6218-F5DF-286535E4E92E}
21:27:05.0751 0x1478  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:05.0759 0x1478  ============================================================
21:27:05.0759 0x1478  \Device\Harddisk0\DR0:
21:27:05.0759 0x1478  MBR partitions:
21:27:05.0759 0x1478  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
21:27:05.0759 0x1478  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
21:27:05.0759 0x1478  ============================================================
21:27:05.0790 0x1478  C: <-> \Device\Harddisk0\DR0\Partition2
21:27:05.0790 0x1478  ============================================================
21:27:05.0790 0x1478  Initialize success
21:27:05.0790 0x1478  ============================================================
21:28:22.0992 0x1630  ============================================================
21:28:22.0992 0x1630  Scan started
21:28:22.0992 0x1630  Mode: Manual; SigCheck; TDLFS; 
21:28:22.0992 0x1630  ============================================================
21:28:22.0992 0x1630  KSN ping started
21:28:32.0138 0x1630  KSN ping finished: true
21:28:33.0194 0x1630  ================ Scan system memory ========================
21:28:33.0194 0x1630  System memory - ok
21:28:33.0209 0x1630  ================ Scan services =============================
21:28:33.0402 0x1630  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:28:33.0632 0x1630  1394ohci - ok
21:28:33.0732 0x1630  [ 4B939E9D89712A8053AD609B36C20EF4, 04C8E3A994F3D6E99FD1BD2461E8F85C843E97613075A17883D78DBDFD89294D ] 360AntiHacker   C:\Windows\system32\Drivers\360AntiHacker64.sys
21:28:33.0784 0x1630  360AntiHacker - ok
21:28:33.0849 0x1630  [ 1E851ECB2FAFE6677B9188E899DA424C, FD992BEC4F90C03CDDD719BA65B012474B8829F24F8D2CD7146B26262C773F13 ] 360AvFlt        C:\Windows\system32\DRIVERS\360AvFlt.sys
21:28:33.0877 0x1630  360AvFlt - ok
21:28:33.0928 0x1630  [ 47F0F30B0499E3665C801773A9FA5A03, 500787D3276ABC686CF9F8B969A0B1054F1F2F6155F9911F28AC7A89050E9421 ] 360Box64        C:\Windows\system32\DRIVERS\360Box64.sys
21:28:34.0001 0x1630  360Box64 - ok
21:28:34.0032 0x1630  [ BE5852CE60598FDE3B4D60A25E297277, E08ACDB5D7A750E1CD120B72575DD6BC657F40C6B0D7E825F9739D00B3FECEC2 ] 360Camera       C:\Windows\system32\Drivers\360Camera64.sys
21:28:34.0060 0x1630  360Camera - ok
21:28:34.0143 0x1630  [ 5760CF20D7B6CBC6D6A03AF2D9B4D766, E24180193EB67C663CEFB789BD0A445E40FF1F4F4EBD28F2CBA019398B2FA6AA ] 360fsflt        C:\Windows\system32\DRIVERS\360FsFlt.sys
21:28:34.0194 0x1630  360fsflt - ok
21:28:34.0321 0x1630  [ 673F147D5ECECF33D381F8321BCDD36E, 55F8380AC98287188B046F4523F91C1D5C2ACE77D4B747E3EAA2B196EDE42F56 ] 360rp           C:\Program Files\360\360 Internet Security\360rps.exe
21:28:34.0380 0x1630  360rp - ok
21:28:34.0531 0x1630  [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:28:34.0667 0x1630  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:28:34.0726 0x1630  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:28:34.0798 0x1630  ACPI - ok
21:28:34.0816 0x1630  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:28:34.0919 0x1630  AcpiPmi - ok
21:28:34.0991 0x1630  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:28:35.0028 0x1630  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
21:28:37.0529 0x1630  Detect skipped due to KSN trusted
21:28:37.0529 0x1630  Adobe LM Service - ok
21:28:37.0630 0x1630  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:37.0677 0x1630  AdobeARMservice - ok
21:28:37.0798 0x1630  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:37.0849 0x1630  AdobeFlashPlayerUpdateSvc - ok
21:28:37.0934 0x1630  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:28:38.0009 0x1630  adp94xx - ok
21:28:38.0068 0x1630  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:28:38.0133 0x1630  adpahci - ok
21:28:38.0167 0x1630  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:28:38.0216 0x1630  adpu320 - ok
21:28:38.0252 0x1630  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:28:38.0462 0x1630  AeLookupSvc - ok
21:28:38.0514 0x1630  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:28:38.0547 0x1630  AERTFilters - ok
21:28:38.0640 0x1630  [ 314C17917AC8523EC77A710215012A65, 725CF2D5F63C06F7704C24FE0CFA696215DADC6C0EC445D9671E82F8E23E56AD ] AFD             C:\Windows\system32\drivers\afd.sys
21:28:38.0740 0x1630  AFD - ok
21:28:38.0784 0x1630  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:28:38.0815 0x1630  agp440 - ok
21:28:38.0851 0x1630  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:28:38.0913 0x1630  ALG - ok
21:28:38.0944 0x1630  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:28:38.0980 0x1630  aliide - ok
21:28:38.0996 0x1630  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:28:39.0027 0x1630  amdide - ok
21:28:39.0058 0x1630  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:28:39.0097 0x1630  AmdK8 - ok
21:28:39.0128 0x1630  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:28:39.0183 0x1630  AmdPPM - ok
21:28:39.0198 0x1630  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:28:39.0244 0x1630  amdsata - ok
21:28:39.0276 0x1630  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:28:39.0322 0x1630  amdsbs - ok
21:28:39.0343 0x1630  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:28:39.0377 0x1630  amdxata - ok
21:28:39.0434 0x1630  [ 24ED0EB2B2558970176ECEE680F8F806, 262473534CBFB6DBA5258A981025BA4AB86BB06D9031A7379F1DFE48F69D789D ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
21:28:39.0485 0x1630  ApfiltrService - ok
21:28:39.0537 0x1630  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
21:28:39.0751 0x1630  AppID - ok
21:28:39.0785 0x1630  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:28:39.0899 0x1630  AppIDSvc - ok
21:28:39.0922 0x1630  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
21:28:40.0041 0x1630  Appinfo - ok
21:28:40.0146 0x1630  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:28:40.0178 0x1630  Apple Mobile Device Service - ok
21:28:40.0208 0x1630  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:28:40.0239 0x1630  arc - ok
21:28:40.0288 0x1630  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:28:40.0319 0x1630  arcsas - ok
21:28:40.0441 0x1630  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:28:40.0472 0x1630  aspnet_state - ok
21:28:40.0500 0x1630  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:40.0604 0x1630  AsyncMac - ok
21:28:40.0640 0x1630  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:28:40.0676 0x1630  atapi - ok
21:28:40.0728 0x1630  [ CBE61B4494165F458BD87E37181EE934, E95654DCC0F977A3604B6BE435BEE109AC8F9F7494FD3A132F5FB477BBF7B105 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
21:28:40.0785 0x1630  AthBTPort - ok
21:28:40.0867 0x1630  [ 650F111D5CDA64C10AE4B9D1BA9D4FFF, 99AD83993D724538687F084318404DBF314C2249AB593AF9DD3783B0AB6B3B25 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
21:28:40.0919 0x1630  Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
21:28:43.0395 0x1630  Detect skipped due to KSN trusted
21:28:43.0395 0x1630  Atheros Bt&Wlan Coex Agent - ok
21:28:43.0446 0x1630  [ 44FB485B94A8332D877F659366CEDBC8, 4CCA7D7FB3E7DEB8977B070C6BBC8315F2DB9FE66ADCB8A6A355A0C138EC6463 ] AtherosSvc      C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
21:28:43.0480 0x1630  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:28:45.0959 0x1630  Detect skipped due to KSN trusted
21:28:45.0959 0x1630  AtherosSvc - ok
21:28:46.0185 0x1630  [ 5493ED5D300AFC7A9A0A87FCA08E5381, 654869EB4D295317921BC3855D4FE5D3FE6031DC7655EA1805347DA8E5177FFA ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:28:46.0510 0x1630  athr - ok
21:28:46.0603 0x1630  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:46.0785 0x1630  AudioEndpointBuilder - ok
21:28:46.0868 0x1630  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:28:47.0026 0x1630  AudioSrv - ok
21:28:47.0098 0x1630  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:28:47.0204 0x1630  AxInstSV - ok
21:28:47.0260 0x1630  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:28:47.0373 0x1630  b06bdrv - ok
21:28:47.0420 0x1630  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:28:47.0531 0x1630  b57nd60a - ok
21:28:47.0576 0x1630  [ D33811D3113C05B8485BF497B6CB50A9, 9D06F31A3DE38D6FEEF92A32A0B8F0B017A01A585D9A9065AB6E69381EAB5A94 ] BAPIDRV         C:\Windows\system32\DRIVERS\BAPIDRV64.sys
21:28:47.0623 0x1630  BAPIDRV - ok
21:28:47.0674 0x1630  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:28:47.0741 0x1630  BDESVC - ok
21:28:47.0756 0x1630  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:28:47.0862 0x1630  Beep - ok
21:28:47.0962 0x1630  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:28:48.0140 0x1630  BFE - ok
21:28:48.0235 0x1630  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:28:48.0437 0x1630  BITS - ok
21:28:48.0473 0x1630  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:48.0530 0x1630  blbdrive - ok
21:28:48.0608 0x1630  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:28:48.0654 0x1630  Bonjour Service - ok
21:28:48.0719 0x1630  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:28:48.0777 0x1630  bowser - ok
21:28:48.0829 0x1630  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:28:48.0893 0x1630  BrFiltLo - ok
21:28:48.0901 0x1630  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:28:48.0948 0x1630  BrFiltUp - ok
21:28:49.0015 0x1630  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:28:49.0103 0x1630  Browser - ok
21:28:49.0154 0x1630  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:28:49.0252 0x1630  Brserid - ok
21:28:49.0268 0x1630  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:49.0335 0x1630  BrSerWdm - ok
21:28:49.0351 0x1630  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:49.0400 0x1630  BrUsbMdm - ok
21:28:49.0420 0x1630  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:49.0459 0x1630  BrUsbSer - ok
21:28:49.0511 0x1630  [ FE70889A85C57A9268101B2DB0474509, 9E957390A52BE4E5642724FEC06A201682F93DD1C6F2C00A5F57351460CF5AE0 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
21:28:49.0588 0x1630  BTATH_A2DP - ok
21:28:49.0635 0x1630  [ A9DF22429E8D69ED849B0BBBE16BD327, 853A2F34EDBE62889769B6B75B50A6E57971279EAF3936E03EF46D311B5483C5 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
21:28:49.0686 0x1630  BTATH_BUS - ok
21:28:49.0740 0x1630  [ C864FF85EE16D61C2BDD5EF76824625F, 6D2FE57688D9E8B4277BF6DA9C219DEB367274364FBE17EFC353CEDB2D7EA35D ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:28:49.0823 0x1630  BTATH_HCRP - ok
21:28:49.0859 0x1630  [ 0DEA505EFB5D771826D177EF8B8A208F, FD8027DA791F04077490749AC5A08F73CCBA1731462579AA9008CD8DD82FBBBC ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:28:49.0929 0x1630  BTATH_LWFLT - ok
21:28:49.0965 0x1630  [ 724C8088C96EFE7A3E63FEC21D4681C0, 4F9B258BE0FEA634A0D93B3892F2F039A7CAD184C9A81DFC2B67B0D4B39C5035 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
21:28:50.0053 0x1630  BTATH_RCP - ok
21:28:50.0126 0x1630  [ FF59EE1DDAC776246F43BF434194650F, 1033E459007BBC85623236AC538BBC8B7D5A718F40E501996FE5508B1116B103 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
21:28:50.0257 0x1630  BtFilter - ok
21:28:50.0304 0x1630  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:28:50.0358 0x1630  BthEnum - ok
21:28:50.0390 0x1630  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:28:50.0451 0x1630  BTHMODEM - ok
21:28:50.0488 0x1630  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:28:50.0576 0x1630  BthPan - ok
21:28:50.0687 0x1630  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:28:50.0820 0x1630  BTHPORT - ok
21:28:50.0851 0x1630  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:28:50.0971 0x1630  bthserv - ok
21:28:51.0014 0x1630  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:28:51.0066 0x1630  BTHUSB - ok
21:28:51.0272 0x1630  [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
21:28:51.0421 0x1630  c2cautoupdatesvc - ok
21:28:51.0574 0x1630  [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
21:28:51.0732 0x1630  c2cpnrsvc - ok
21:28:51.0752 0x1630  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:28:51.0865 0x1630  cdfs - ok
21:28:51.0937 0x1630  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:28:52.0001 0x1630  cdrom - ok
21:28:52.0056 0x1630  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:28:52.0179 0x1630  CertPropSvc - ok
21:28:52.0210 0x1630  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:28:52.0264 0x1630  circlass - ok
21:28:52.0311 0x1630  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
21:28:52.0383 0x1630  CLFS - ok
21:28:52.0435 0x1630  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:52.0466 0x1630  clr_optimization_v2.0.50727_32 - ok
21:28:52.0518 0x1630  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:28:52.0558 0x1630  clr_optimization_v2.0.50727_64 - ok
21:28:52.0651 0x1630  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:52.0697 0x1630  clr_optimization_v4.0.30319_32 - ok
21:28:52.0718 0x1630  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:28:52.0770 0x1630  clr_optimization_v4.0.30319_64 - ok
21:28:52.0821 0x1630  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:52.0862 0x1630  CmBatt - ok
21:28:52.0890 0x1630  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:28:52.0918 0x1630  cmdide - ok
21:28:53.0023 0x1630  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
21:28:53.0119 0x1630  CNG - ok
21:28:53.0160 0x1630  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:28:53.0207 0x1630  Compbatt - ok
21:28:53.0238 0x1630  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:28:53.0290 0x1630  CompositeBus - ok
21:28:53.0311 0x1630  COMSysApp - ok
21:28:53.0342 0x1630  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:28:53.0365 0x1630  crcdisk - ok
21:28:53.0430 0x1630  [ 4F5414602E2544A4554D95517948B705, 50121AD32ACF73F541DF3B655020F7B610B3E7B5E8C7B39D37D5958F28CB376E ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:28:53.0495 0x1630  CryptSvc - ok
21:28:53.0565 0x1630  [ BC3D4F90978CD7C8EABD1BAF3BF7873A, 5978139650FC51BE0CAB12061702C7BC7BEDF6E7C3A047FF0A6328AA674E4226 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:28:53.0650 0x1630  CtClsFlt - ok
21:28:53.0736 0x1630  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:28:53.0906 0x1630  DcomLaunch - ok
21:28:53.0952 0x1630  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:28:54.0112 0x1630  defragsvc - ok
21:28:54.0144 0x1630  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:28:54.0262 0x1630  DfsC - ok
21:28:54.0321 0x1630  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:28:54.0455 0x1630  Dhcp - ok
21:28:54.0504 0x1630  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:28:54.0614 0x1630  discache - ok
21:28:54.0629 0x1630  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:28:54.0668 0x1630  Disk - ok
21:28:54.0733 0x1630  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:28:54.0805 0x1630  Dnscache - ok
21:28:54.0860 0x1630  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:28:55.0008 0x1630  dot3svc - ok
21:28:55.0059 0x1630  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:28:55.0199 0x1630  DPS - ok
21:28:55.0235 0x1630  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:28:55.0300 0x1630  drmkaud - ok
21:28:55.0391 0x1630  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:28:55.0502 0x1630  DXGKrnl - ok
21:28:55.0571 0x1630  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:28:55.0703 0x1630  EapHost - ok
21:28:55.0968 0x1630  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:28:56.0343 0x1630  ebdrv - ok
21:28:56.0398 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
21:28:56.0451 0x1630  EFS - ok
21:28:56.0550 0x1630  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:28:56.0689 0x1630  ehRecvr - ok
21:28:56.0728 0x1630  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:28:56.0775 0x1630  ehSched - ok
21:28:56.0863 0x1630  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:28:56.0949 0x1630  elxstor - ok
21:28:57.0087 0x1630  [ 757305C7AD34222F4A46D86FE0BEE241, 94540DC1EA19821EACC796EF4FE247005B02E417B30E91383D1260E9D9A8B747 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
21:28:57.0180 0x1630  EpsonCustomerParticipation - ok
21:28:57.0261 0x1630  [ CDCA791AFA0483F44BBA576DBFAFD04D, 5EFA64C06B5C6933B460B8A9E832E484DA4EB01CA557630065796B98EFE9323F ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
21:28:57.0302 0x1630  EPSON_PM_RPCV4_01 - ok
21:28:57.0320 0x1630  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:28:57.0371 0x1630  ErrDev - ok
21:28:57.0449 0x1630  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:28:57.0625 0x1630  EventSystem - ok
21:28:57.0671 0x1630  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:28:57.0792 0x1630  exfat - ok
21:28:57.0831 0x1630  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:28:57.0970 0x1630  fastfat - ok
21:28:58.0050 0x1630  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:28:58.0202 0x1630  Fax - ok
21:28:58.0233 0x1630  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:28:58.0278 0x1630  fdc - ok
21:28:58.0309 0x1630  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:28:58.0423 0x1630  fdPHost - ok
21:28:58.0446 0x1630  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:28:58.0550 0x1630  FDResPub - ok
21:28:58.0566 0x1630  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:28:58.0602 0x1630  FileInfo - ok
21:28:58.0617 0x1630  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:28:58.0733 0x1630  Filetrace - ok
21:28:58.0765 0x1630  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:28:58.0798 0x1630  flpydisk - ok
21:28:58.0847 0x1630  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:28:58.0930 0x1630  FltMgr - ok
21:28:59.0048 0x1630  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
21:28:59.0225 0x1630  FontCache - ok
21:28:59.0261 0x1630  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:28:59.0295 0x1630  FontCache3.0.0.0 - ok
21:28:59.0318 0x1630  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:28:59.0349 0x1630  FsDepends - ok
21:28:59.0416 0x1630  [ B3EB502D2C3F47C47415F85387DFAEF1, 5240D4281BB9FBFBFEB98522D12F0C006BE063C084C2E6E23DACB6606CDC25AE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:28:59.0450 0x1630  fssfltr - ok
21:28:59.0645 0x1630  [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:28:59.0838 0x1630  fsssvc - ok
21:28:59.0876 0x1630  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:28:59.0900 0x1630  Fs_Rec - ok
21:28:59.0951 0x1630  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:29:00.0021 0x1630  fvevol - ok
21:29:00.0037 0x1630  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:29:00.0076 0x1630  gagp30kx - ok
21:29:00.0132 0x1630  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:29:00.0152 0x1630  GEARAspiWDM - ok
21:29:00.0240 0x1630  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:29:00.0431 0x1630  gpsvc - ok
21:29:00.0514 0x1630  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:00.0539 0x1630  gupdate - ok
21:29:00.0571 0x1630  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:29:00.0612 0x1630  gupdatem - ok
21:29:00.0637 0x1630  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:29:00.0705 0x1630  hcw85cir - ok
21:29:00.0740 0x1630  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:00.0823 0x1630  HDAudBus - ok
21:29:00.0841 0x1630  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:29:00.0891 0x1630  HidBatt - ok
21:29:00.0926 0x1630  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:29:00.0988 0x1630  HidBth - ok
21:29:01.0003 0x1630  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:29:01.0062 0x1630  HidIr - ok
21:29:01.0080 0x1630  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:29:01.0198 0x1630  hidserv - ok
21:29:01.0273 0x1630  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:29:01.0330 0x1630  HidUsb - ok
21:29:01.0350 0x1630  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:29:01.0461 0x1630  hkmsvc - ok
21:29:01.0505 0x1630  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:29:01.0604 0x1630  HomeGroupListener - ok
21:29:01.0652 0x1630  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:29:01.0709 0x1630  HomeGroupProvider - ok
21:29:01.0732 0x1630  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:29:01.0773 0x1630  HpSAMD - ok
21:29:01.0851 0x1630  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:29:02.0041 0x1630  HTTP - ok
21:29:02.0082 0x1630  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:29:02.0102 0x1630  hwpolicy - ok
21:29:02.0134 0x1630  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:29:02.0182 0x1630  i8042prt - ok
21:29:02.0267 0x1630  [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
21:29:02.0324 0x1630  iaStor - ok
21:29:02.0432 0x1630  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:29:02.0516 0x1630  iaStorV - ok
21:29:02.0619 0x1630  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:02.0727 0x1630  idsvc - ok
21:29:02.0740 0x1630  IEEtwCollectorService - ok
21:29:03.0651 0x1630  [ 0BD58366C86EF9DDC4F61AFED0CADA99, 2C4ADD577872DF0E9DE7664FA4293B8E335E18055E346B5BF644544840E420EF ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:29:04.0917 0x1630  igfx - ok
21:29:04.0980 0x1630  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:29:04.0998 0x1630  iirsp - ok
21:29:05.0098 0x1630  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:29:05.0291 0x1630  IKEEXT - ok
21:29:05.0326 0x1630  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\drivers\Impcd.sys
21:29:05.0414 0x1630  Impcd - ok
21:29:05.0654 0x1630  [ 1B491F385EE96F9D9EE4CB430C8CD29E, 06CA97FC494F3B3FE422F1242856B643EE210959DCB6E8298254306145B688AF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:29:05.0934 0x1630  IntcAzAudAddService - ok
21:29:06.0001 0x1630  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:29:06.0099 0x1630  IntcDAud - ok
21:29:06.0114 0x1630  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:29:06.0148 0x1630  intelide - ok
21:29:06.0197 0x1630  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:29:06.0259 0x1630  intelppm - ok
21:29:06.0330 0x1630  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:29:06.0454 0x1630  IPBusEnum - ok
21:29:06.0469 0x1630  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:06.0594 0x1630  IpFilterDriver - ok
21:29:06.0673 0x1630  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:29:06.0834 0x1630  iphlpsvc - ok
21:29:06.0849 0x1630  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:29:06.0896 0x1630  IPMIDRV - ok
21:29:06.0929 0x1630  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:29:07.0061 0x1630  IPNAT - ok
21:29:07.0166 0x1630  [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:29:07.0236 0x1630  iPod Service - ok
21:29:07.0282 0x1630  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:29:07.0338 0x1630  IRENUM - ok
21:29:07.0369 0x1630  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:29:07.0408 0x1630  isapnp - ok
21:29:07.0439 0x1630  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:29:07.0499 0x1630  iScsiPrt - ok
21:29:07.0530 0x1630  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:07.0569 0x1630  kbdclass - ok
21:29:07.0600 0x1630  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:29:07.0646 0x1630  kbdhid - ok
21:29:07.0662 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
21:29:07.0698 0x1630  KeyIso - ok
21:29:07.0736 0x1630  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:29:07.0759 0x1630  KSecDD - ok
21:29:07.0790 0x1630  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:29:07.0834 0x1630  KSecPkg - ok
21:29:07.0869 0x1630  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:29:07.0977 0x1630  ksthunk - ok
21:29:08.0044 0x1630  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:29:08.0173 0x1630  KtmRm - ok
21:29:08.0235 0x1630  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:29:08.0381 0x1630  LanmanServer - ok
21:29:08.0420 0x1630  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:29:08.0549 0x1630  LanmanWorkstation - ok
21:29:08.0617 0x1630  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:29:08.0723 0x1630  lltdio - ok
21:29:08.0789 0x1630  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:29:08.0940 0x1630  lltdsvc - ok
21:29:08.0961 0x1630  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:29:09.0059 0x1630  lmhosts - ok
21:29:09.0161 0x1630  [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:29:09.0215 0x1630  LMS - ok
21:29:09.0254 0x1630  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:29:09.0290 0x1630  LSI_FC - ok
21:29:09.0324 0x1630  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:29:09.0376 0x1630  LSI_SAS - ok
21:29:09.0399 0x1630  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:29:09.0430 0x1630  LSI_SAS2 - ok
21:29:09.0456 0x1630  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:29:09.0487 0x1630  LSI_SCSI - ok
21:29:09.0530 0x1630  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:29:09.0651 0x1630  luafv - ok
21:29:09.0698 0x1630  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:29:09.0750 0x1630  Mcx2Svc - ok
21:29:09.0786 0x1630  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:29:09.0827 0x1630  megasas - ok
21:29:09.0863 0x1630  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:29:09.0935 0x1630  MegaSR - ok
21:29:09.0997 0x1630  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:29:10.0013 0x1630  MEIx64 - ok
21:29:10.0044 0x1630  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:29:10.0175 0x1630  MMCSS - ok
21:29:10.0209 0x1630  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:29:10.0317 0x1630  Modem - ok
21:29:10.0342 0x1630  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:29:10.0393 0x1630  monitor - ok
21:29:10.0445 0x1630  [ BB9DE58AC6513DA62C005D92E2DB4981, D7149E2ECEA13E6E54CEE586DC4A587660B6AA8038BB82A8A685E496043B34A2 ] MotoConnect Service C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
21:29:10.0479 0x1630  MotoConnect Service - ok
21:29:10.0515 0x1630  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:29:10.0551 0x1630  mouclass - ok
21:29:10.0587 0x1630  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:29:10.0619 0x1630  mouhid - ok
21:29:10.0652 0x1630  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:29:10.0688 0x1630  mountmgr - ok
21:29:10.0719 0x1630  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:29:10.0755 0x1630  mpio - ok
21:29:10.0794 0x1630  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:29:10.0910 0x1630  mpsdrv - ok
21:29:11.0027 0x1630  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:29:11.0231 0x1630  MpsSvc - ok
21:29:11.0270 0x1630  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:29:11.0368 0x1630  MRxDAV - ok
21:29:11.0404 0x1630  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:11.0472 0x1630  mrxsmb - ok
21:29:11.0517 0x1630  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:11.0614 0x1630  mrxsmb10 - ok
21:29:11.0634 0x1630  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:11.0681 0x1630  mrxsmb20 - ok
21:29:11.0699 0x1630  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:29:11.0735 0x1630  msahci - ok
21:29:11.0766 0x1630  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:29:11.0820 0x1630  msdsm - ok
21:29:11.0841 0x1630  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:29:11.0895 0x1630  MSDTC - ok
21:29:11.0942 0x1630  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:29:12.0057 0x1630  Msfs - ok
21:29:12.0073 0x1630  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:29:12.0177 0x1630  mshidkmdf - ok
21:29:12.0210 0x1630  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:29:12.0248 0x1630  msisadrv - ok
21:29:12.0285 0x1630  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:29:12.0436 0x1630  MSiSCSI - ok
21:29:12.0444 0x1630  msiserver - ok
21:29:12.0469 0x1630  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:29:12.0578 0x1630  MSKSSRV - ok
21:29:12.0625 0x1630  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:12.0740 0x1630  MSPCLOCK - ok
21:29:12.0755 0x1630  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:29:12.0885 0x1630  MSPQM - ok
21:29:12.0929 0x1630  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:29:12.0987 0x1630  MsRPC - ok
21:29:13.0018 0x1630  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:29:13.0054 0x1630  mssmbios - ok
21:29:13.0075 0x1630  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:29:13.0205 0x1630  MSTEE - ok
21:29:13.0225 0x1630  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:29:13.0268 0x1630  MTConfig - ok
21:29:13.0289 0x1630  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:29:13.0317 0x1630  Mup - ok
21:29:13.0374 0x1630  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:29:13.0544 0x1630  napagent - ok
21:29:13.0622 0x1630  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:29:13.0723 0x1630  NativeWifiP - ok
21:29:13.0903 0x1630  [ 934BB0D23A25C8C136570800A5A149B6, 15D99CE4E970FECE257F6D69810F8104720B26D8DC3787BC38CC8692ACEABD37 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
21:29:13.0982 0x1630  NAUpdate - ok
21:29:14.0104 0x1630  [ C38B8AE57F78915905064A9A24DC1586, 5A24A490AC5DB4FCC745182BDBAEA8836E8FBEC635609AE4CF51DAC3A30A8221 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:29:14.0230 0x1630  NDIS - ok
21:29:14.0269 0x1630  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:14.0390 0x1630  NdisCap - ok
21:29:14.0413 0x1630  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:14.0514 0x1630  NdisTapi - ok
21:29:14.0545 0x1630  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:14.0638 0x1630  Ndisuio - ok
21:29:14.0669 0x1630  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:14.0798 0x1630  NdisWan - ok
21:29:14.0832 0x1630  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:29:14.0928 0x1630  NDProxy - ok
21:29:14.0959 0x1630  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:29:15.0067 0x1630  NetBIOS - ok
21:29:15.0105 0x1630  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:29:15.0236 0x1630  NetBT - ok
21:29:15.0252 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
21:29:15.0298 0x1630  Netlogon - ok
21:29:15.0352 0x1630  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:29:15.0513 0x1630  Netman - ok
21:29:15.0538 0x1630  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:15.0597 0x1630  NetMsmqActivator - ok
21:29:15.0629 0x1630  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:15.0659 0x1630  NetPipeActivator - ok
21:29:15.0715 0x1630  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:29:15.0870 0x1630  netprofm - ok
21:29:15.0900 0x1630  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:15.0931 0x1630  NetTcpActivator - ok
21:29:15.0947 0x1630  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:15.0978 0x1630  NetTcpPortSharing - ok
21:29:16.0009 0x1630  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:29:16.0052 0x1630  nfrd960 - ok
21:29:16.0086 0x1630  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:29:16.0235 0x1630  NlaSvc - ok
21:29:16.0251 0x1630  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:29:16.0355 0x1630  Npfs - ok
21:29:16.0378 0x1630  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:29:16.0499 0x1630  nsi - ok
21:29:16.0538 0x1630  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:29:16.0636 0x1630  nsiproxy - ok
21:29:16.0793 0x1630  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:29:16.0992 0x1630  Ntfs - ok
21:29:17.0013 0x1630  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:29:17.0121 0x1630  Null - ok
21:29:17.0157 0x1630  [ D584ABB6A308933A5F72B46C9E5A783F, 31922A27B3A9A64A9F71B7591FCAC6E0ACD15E36B9BFC4B4D75DE473E0F5CF6B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:29:17.0232 0x1630  nusb3hub - ok
21:29:17.0265 0x1630  [ 345B9C04E2036DA4346E3249A5BDFD06, 2FCA4661757EC8E33F6D1E8066165C0E0A0D32649318412A79A915B83496236A ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:29:17.0342 0x1630  nusb3xhc - ok
21:29:17.0368 0x1630  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:29:17.0430 0x1630  nvraid - ok
21:29:17.0466 0x1630  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:29:17.0515 0x1630  nvstor - ok
21:29:17.0551 0x1630  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:29:17.0587 0x1630  nv_agp - ok
21:29:17.0634 0x1630  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:29:17.0704 0x1630  ohci1394 - ok
21:29:17.0750 0x1630  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:17.0781 0x1630  ose - ok
21:29:18.0194 0x1630  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:29:18.0639 0x1630  osppsvc - ok
21:29:18.0711 0x1630  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:29:18.0817 0x1630  p2pimsvc - ok
21:29:18.0870 0x1630  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:29:18.0947 0x1630  p2psvc - ok
21:29:18.0999 0x1630  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:29:19.0035 0x1630  Parport - ok
21:29:19.0092 0x1630  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:29:19.0141 0x1630  partmgr - ok
21:29:19.0187 0x1630  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:29:19.0282 0x1630  PcaSvc - ok
21:29:19.0323 0x1630  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:29:19.0375 0x1630  pci - ok
21:29:19.0393 0x1630  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:29:19.0423 0x1630  pciide - ok
21:29:19.0465 0x1630  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:29:19.0516 0x1630  pcmcia - ok
21:29:19.0537 0x1630  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:29:19.0576 0x1630  pcw - ok
21:29:19.0635 0x1630  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:29:19.0794 0x1630  PEAUTH - ok
21:29:19.0887 0x1630  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:29:19.0936 0x1630  PerfHost - ok
21:29:20.0072 0x1630  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:29:20.0332 0x1630  pla - ok
21:29:20.0398 0x1630  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:29:20.0509 0x1630  PlugPlay - ok
21:29:20.0532 0x1630  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:29:20.0584 0x1630  PNRPAutoReg - ok
21:29:20.0631 0x1630  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:29:20.0695 0x1630  PNRPsvc - ok
21:29:20.0777 0x1630  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:29:20.0929 0x1630  PolicyAgent - ok
21:29:20.0997 0x1630  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
21:29:21.0069 0x1630  Power - ok
21:29:21.0146 0x1630  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:29:21.0262 0x1630  PptpMiniport - ok
21:29:21.0282 0x1630  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:29:21.0334 0x1630  Processor - ok
21:29:21.0388 0x1630  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:29:21.0474 0x1630  ProfSvc - ok
21:29:21.0497 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
21:29:21.0528 0x1630  ProtectedStorage - ok
21:29:21.0574 0x1630  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:29:21.0683 0x1630  Psched - ok
21:29:21.0714 0x1630  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
21:29:21.0740 0x1630  PxHlpa64 - ok
21:29:21.0882 0x1630  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:29:22.0047 0x1630  ql2300 - ok
21:29:22.0078 0x1630  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:29:22.0117 0x1630  ql40xx - ok
21:29:22.0166 0x1630  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:29:22.0257 0x1630  QWAVE - ok
21:29:22.0273 0x1630  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:29:22.0342 0x1630  QWAVEdrv - ok
21:29:22.0358 0x1630  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:29:22.0453 0x1630  RasAcd - ok
21:29:22.0484 0x1630  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:22.0580 0x1630  RasAgileVpn - ok
21:29:22.0603 0x1630  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:29:22.0711 0x1630  RasAuto - ok
21:29:22.0753 0x1630  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:22.0862 0x1630  Rasl2tp - ok
21:29:22.0909 0x1630  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:29:23.0053 0x1630  RasMan - ok
21:29:23.0069 0x1630  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:23.0176 0x1630  RasPppoe - ok
21:29:23.0213 0x1630  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:29:23.0334 0x1630  RasSstp - ok
21:29:23.0381 0x1630  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:29:23.0515 0x1630  rdbss - ok
21:29:23.0532 0x1630  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:29:23.0587 0x1630  rdpbus - ok
21:29:23.0605 0x1630  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:23.0693 0x1630  RDPCDD - ok
21:29:23.0725 0x1630  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:29:23.0830 0x1630  RDPENCDD - ok
21:29:23.0861 0x1630  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:29:23.0962 0x1630  RDPREFMP - ok
21:29:24.0039 0x1630  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:29:24.0116 0x1630  RDPWD - ok
21:29:24.0165 0x1630  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:29:24.0222 0x1630  rdyboost - ok
21:29:24.0269 0x1630  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:29:24.0370 0x1630  RemoteAccess - ok
21:29:24.0417 0x1630  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:29:24.0545 0x1630  RemoteRegistry - ok
21:29:24.0585 0x1630  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:29:24.0664 0x1630  RFCOMM - ok
21:29:24.0842 0x1630  [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:29:24.0972 0x1630  RoxMediaDB12OEM - ok
21:29:25.0010 0x1630  [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:29:25.0067 0x1630  RoxWatch12 - ok
21:29:25.0113 0x1630  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:29:25.0227 0x1630  RpcEptMapper - ok
21:29:25.0273 0x1630  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:29:25.0327 0x1630  RpcLocator - ok
21:29:25.0397 0x1630  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:29:25.0535 0x1630  RpcSs - ok
21:29:25.0576 0x1630  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:29:25.0687 0x1630  rspndr - ok
21:29:25.0744 0x1630  [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
21:29:25.0775 0x1630  RSUSBSTOR - ok
21:29:25.0860 0x1630  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:29:25.0925 0x1630  RTL8167 - ok
21:29:25.0956 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
21:29:25.0986 0x1630  SamSs - ok
21:29:26.0001 0x1630  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:29:26.0048 0x1630  sbp2port - ok
21:29:26.0149 0x1630  [ 0E4C418AE2D253BD99C1322A891C7FC6, EF5ABB3DA917CFAFFD1E3C2FDF845933EE3CDFBE2FD5BF022DA84FB152AFFF79 ] scan            C:\Program Files\360\360 Internet Security\scan.dll
21:29:26.0210 0x1630  scan - ok
21:29:26.0283 0x1630  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:29:26.0410 0x1630  SCardSvr - ok
21:29:26.0441 0x1630  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:29:26.0534 0x1630  scfilter - ok
21:29:26.0645 0x1630  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
21:29:26.0860 0x1630  Schedule - ok
21:29:26.0911 0x1630  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:29:27.0009 0x1630  SCPolicySvc - ok
21:29:27.0056 0x1630  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:29:27.0133 0x1630  SDRSVC - ok
21:29:27.0164 0x1630  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:29:27.0272 0x1630  secdrv - ok
21:29:27.0282 0x1630  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:29:27.0385 0x1630  seclogon - ok
21:29:27.0401 0x1630  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:29:27.0517 0x1630  SENS - ok
21:29:27.0551 0x1630  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:29:27.0597 0x1630  SensrSvc - ok
21:29:27.0644 0x1630  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:29:27.0685 0x1630  Serenum - ok
21:29:27.0723 0x1630  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:29:27.0778 0x1630  Serial - ok
21:29:27.0801 0x1630  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:29:27.0853 0x1630  sermouse - ok
21:29:27.0943 0x1630  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:29:28.0072 0x1630  SessionEnv - ok
21:29:28.0093 0x1630  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:29:28.0126 0x1630  sffdisk - ok
21:29:28.0147 0x1630  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:29:28.0195 0x1630  sffp_mmc - ok
21:29:28.0213 0x1630  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:29:28.0244 0x1630  sffp_sd - ok
21:29:28.0260 0x1630  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:29:28.0311 0x1630  sfloppy - ok
21:29:28.0476 0x1630  [ 4215C271D6E6898C3F4DABAB4F387DC9, 10D845466AC239E18A381FA3BCF1DA1CDCF7CC4363D3A6B4695D6562B3EF7541 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:29:28.0639 0x1630  SftService - ok
21:29:28.0703 0x1630  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:29:28.0860 0x1630  SharedAccess - ok
21:29:28.0926 0x1630  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:29:29.0102 0x1630  ShellHWDetection - ok
21:29:29.0151 0x1630  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:29:29.0187 0x1630  SiSRaid2 - ok
21:29:29.0202 0x1630  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:29:29.0230 0x1630  SiSRaid4 - ok
21:29:29.0341 0x1630  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:29:29.0414 0x1630  SkypeUpdate - ok
21:29:29.0445 0x1630  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:29:29.0573 0x1630  Smb - ok
21:29:29.0604 0x1630  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:29:29.0654 0x1630  SNMPTRAP - ok
21:29:29.0674 0x1630  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:29:29.0699 0x1630  spldr - ok
21:29:29.0782 0x1630  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:29:29.0898 0x1630  Spooler - ok
21:29:30.0153 0x1630  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:29:30.0603 0x1630  sppsvc - ok
21:29:30.0649 0x1630  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:29:30.0749 0x1630  sppuinotify - ok
21:29:30.0863 0x1630  [ 4C33F139236FD9BD14A920F60C1CB072, 806650B2AE7DC299DEC49C519E2452427B819213F863BFCC4188EDF075EAAD2D ] sptd            C:\Windows\System32\Drivers\sptd.sys
21:29:30.0971 0x1630  sptd - ok
21:29:31.0051 0x1630  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:29:31.0157 0x1630  srv - ok
21:29:31.0205 0x1630  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:29:31.0306 0x1630  srv2 - ok
21:29:31.0337 0x1630  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:29:31.0391 0x1630  srvnet - ok
21:29:31.0461 0x1630  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:29:31.0576 0x1630  SSDPSRV - ok
21:29:31.0602 0x1630  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:29:31.0702 0x1630  SstpSvc - ok
21:29:31.0816 0x1630  [ EBAA82F7C9B97C0E450449178E007340, D470927CC216C4E3EA23236E6C6464187CD3A49C3A4A456F488FEC8E713EA31B ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:29:31.0921 0x1630  Steam Client Service - ok
21:29:31.0955 0x1630  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:29:31.0989 0x1630  stexstor - ok
21:29:32.0064 0x1630  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:29:32.0193 0x1630  stisvc - ok
21:29:32.0237 0x1630  [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:29:32.0268 0x1630  stllssvr - ok
21:29:32.0301 0x1630  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:29:32.0333 0x1630  swenum - ok
21:29:32.0397 0x1630  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:29:32.0554 0x1630  swprv - ok
21:29:32.0709 0x1630  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:29:32.0962 0x1630  SysMain - ok
21:29:32.0978 0x1630  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:29:33.0058 0x1630  TabletInputService - ok
21:29:33.0097 0x1630  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:29:33.0233 0x1630  TapiSrv - ok
21:29:33.0253 0x1630  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:29:33.0357 0x1630  TBS - ok
21:29:33.0547 0x1630  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:29:33.0743 0x1630  Tcpip - ok
21:29:33.0911 0x1630  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:29:34.0089 0x1630  TCPIP6 - ok
21:29:34.0130 0x1630  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:29:34.0245 0x1630  tcpipreg - ok
21:29:34.0261 0x1630  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:29:34.0331 0x1630  TDPIPE - ok
21:29:34.0354 0x1630  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:29:34.0401 0x1630  TDTCP - ok
21:29:34.0463 0x1630  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:29:34.0566 0x1630  tdx - ok
21:29:34.0584 0x1630  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:29:34.0605 0x1630  TermDD - ok
21:29:34.0692 0x1630  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
21:29:34.0874 0x1630  TermService - ok
21:29:34.0890 0x1630  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:29:34.0954 0x1630  Themes - ok
21:29:34.0993 0x1630  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:29:35.0087 0x1630  THREADORDER - ok
21:29:35.0125 0x1630  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:29:35.0260 0x1630  TrkWks - ok
21:29:35.0323 0x1630  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:29:35.0443 0x1630  TrustedInstaller - ok
21:29:35.0459 0x1630  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:35.0567 0x1630  tssecsrv - ok
21:29:35.0599 0x1630  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:29:35.0660 0x1630  TsUsbFlt - ok
21:29:35.0699 0x1630  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:29:35.0730 0x1630  TsUsbGD - ok
21:29:35.0785 0x1630  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:29:35.0893 0x1630  tunnel - ok
21:29:35.0918 0x1630  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:29:35.0939 0x1630  uagp35 - ok
21:29:35.0982 0x1630  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:29:36.0127 0x1630  udfs - ok
21:29:36.0166 0x1630  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:29:36.0228 0x1630  UI0Detect - ok
21:29:36.0278 0x1630  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:29:36.0309 0x1630  uliagpkx - ok
21:29:36.0345 0x1630  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:29:36.0399 0x1630  umbus - ok
21:29:36.0415 0x1630  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:29:36.0462 0x1630  UmPass - ok
21:29:36.0734 0x1630  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:29:36.0972 0x1630  UNS - ok
21:29:37.0063 0x1630  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:29:37.0213 0x1630  upnphost - ok
21:29:37.0291 0x1630  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:29:37.0363 0x1630  USBAAPL64 - ok
21:29:37.0412 0x1630  [ 19AD7990C0B67E48DAC5B26F99628223, 2225A887A4723D2FF306ED9FF1249DA7177699EBE84A89FF040A35D3DB6382E4 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:37.0480 0x1630  usbccgp - ok
21:29:37.0511 0x1630  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:29:37.0572 0x1630  usbcir - ok
21:29:37.0593 0x1630  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:29:37.0639 0x1630  usbehci - ok
21:29:37.0714 0x1630  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:29:37.0789 0x1630  usbhub - ok
21:29:37.0827 0x1630  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:29:37.0874 0x1630  usbohci - ok
21:29:37.0905 0x1630  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:29:37.0967 0x1630  usbprint - ok
21:29:38.0029 0x1630  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:29:38.0081 0x1630  usbscan - ok
21:29:38.0122 0x1630  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:38.0196 0x1630  USBSTOR - ok
21:29:38.0222 0x1630  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:29:38.0276 0x1630  usbuhci - ok
21:29:38.0335 0x1630  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:29:38.0410 0x1630  usbvideo - ok
21:29:38.0446 0x1630  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:29:38.0559 0x1630  UxSms - ok
21:29:38.0577 0x1630  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
21:29:38.0608 0x1630  VaultSvc - ok
21:29:38.0658 0x1630  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:29:38.0678 0x1630  vdrvroot - ok
21:29:38.0750 0x1630  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:29:38.0926 0x1630  vds - ok
21:29:38.0942 0x1630  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:38.0988 0x1630  vga - ok
21:29:39.0009 0x1630  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:29:39.0117 0x1630  VgaSave - ok
21:29:39.0153 0x1630  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:29:39.0210 0x1630  vhdmp - ok
21:29:39.0233 0x1630  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:29:39.0274 0x1630  viaide - ok
21:29:39.0295 0x1630  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:29:39.0329 0x1630  volmgr - ok
21:29:39.0365 0x1630  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:29:39.0435 0x1630  volmgrx - ok
21:29:39.0481 0x1630  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:29:39.0538 0x1630  volsnap - ok
21:29:39.0572 0x1630  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:29:39.0615 0x1630  vsmraid - ok
21:29:39.0778 0x1630  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:29:40.0058 0x1630  VSS - ok
21:29:40.0076 0x1630  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:40.0138 0x1630  vwifibus - ok
21:29:40.0161 0x1630  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:40.0229 0x1630  vwififlt - ok
21:29:40.0280 0x1630  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:29:40.0428 0x1630  W32Time - ok
21:29:40.0461 0x1630  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:29:40.0508 0x1630  WacomPen - ok
21:29:40.0549 0x1630  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:29:40.0659 0x1630  WANARP - ok
21:29:40.0659 0x1630  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:29:40.0765 0x1630  Wanarpv6 - ok
21:29:40.0903 0x1630  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:29:41.0108 0x1630  wbengine - ok
21:29:41.0139 0x1630  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:29:41.0232 0x1630  WbioSrvc - ok
21:29:41.0273 0x1630  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:29:41.0371 0x1630  wcncsvc - ok
21:29:41.0386 0x1630  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:29:41.0472 0x1630  WcsPlugInService - ok
21:29:41.0500 0x1630  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:29:41.0518 0x1630  Wd - ok
21:29:41.0597 0x1630  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:29:41.0680 0x1630  Wdf01000 - ok
21:29:41.0722 0x1630  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:29:41.0876 0x1630  WdiServiceHost - ok
21:29:41.0876 0x1630  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:29:41.0937 0x1630  WdiSystemHost - ok
21:29:41.0991 0x1630  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
21:29:42.0079 0x1630  WebClient - ok
21:29:42.0115 0x1630  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:29:42.0266 0x1630  Wecsvc - ok
21:29:42.0287 0x1630  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:29:42.0403 0x1630  wercplsupport - ok
21:29:42.0434 0x1630  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:29:42.0543 0x1630  WerSvc - ok
21:29:42.0558 0x1630  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:42.0662 0x1630  WfpLwf - ok
21:29:42.0721 0x1630  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
21:29:42.0767 0x1630  WimFltr - ok
21:29:42.0783 0x1630  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:29:42.0814 0x1630  WIMMount - ok
21:29:42.0845 0x1630  WinDefend - ok
21:29:42.0860 0x1630  WinHttpAutoProxySvc - ok
21:29:42.0933 0x1630  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:29:43.0076 0x1630  Winmgmt - ok
21:29:43.0244 0x1630  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:29:43.0544 0x1630  WinRM - ok
21:29:43.0608 0x1630  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:29:43.0660 0x1630  WinUsb - ok
21:29:43.0753 0x1630  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:29:43.0928 0x1630  Wlansvc - ok
21:29:44.0191 0x1630  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:44.0408 0x1630  wlidsvc - ok
21:29:44.0442 0x1630  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:29:44.0488 0x1630  WmiAcpi - ok
21:29:44.0532 0x1630  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:29:44.0615 0x1630  wmiApSrv - ok
21:29:44.0667 0x1630  WMPNetworkSvc - ok
21:29:44.0685 0x1630  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:29:44.0739 0x1630  WPCSvc - ok
21:29:44.0757 0x1630  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:29:44.0840 0x1630  WPDBusEnum - ok
21:29:44.0855 0x1630  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:29:44.0956 0x1630  ws2ifsl - ok
21:29:45.0003 0x1630  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:29:45.0077 0x1630  wscsvc - ok
21:29:45.0077 0x1630  WSearch - ok
21:29:45.0308 0x1630  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:29:45.0566 0x1630  wuauserv - ok
21:29:45.0594 0x1630  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:29:45.0718 0x1630  WudfPf - ok
21:29:45.0767 0x1630  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:45.0894 0x1630  WUDFRd - ok
21:29:45.0921 0x1630  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:29:46.0025 0x1630  wudfsvc - ok
21:29:46.0063 0x1630  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:29:46.0163 0x1630  WwanSvc - ok
21:29:46.0267 0x1630  [ DEDA5F37B33FBCDC70CBBF7D02FC50BA, 1FB4737BD3A29FDBF609AE6EC1E488279D9B25F363921C991AF80652F2A7CBB8 ] ZhuDongFangYu   C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
21:29:46.0308 0x1630  ZhuDongFangYu - ok
21:29:46.0308 0x1630  ================ Scan global ===============================
21:29:46.0346 0x1630  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:29:46.0387 0x1630  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
21:29:46.0441 0x1630  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
21:29:46.0479 0x1630  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:29:46.0541 0x1630  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:29:46.0580 0x1630  [ Global ] - ok
21:29:46.0580 0x1630  ================ Scan MBR ==================================
21:29:46.0596 0x1630  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:29:46.0985 0x1630  \Device\Harddisk0\DR0 - ok
21:29:46.0985 0x1630  ================ Scan VBR ==================================
21:29:46.0990 0x1630  [ 787B7613554488ECF41C8C4FF7EDA76B ] \Device\Harddisk0\DR0\Partition1
21:29:46.0990 0x1630  \Device\Harddisk0\DR0\Partition1 - ok
21:29:47.0029 0x1630  [ 6502CB0174D0271219E2F36D201FAA1C ] \Device\Harddisk0\DR0\Partition2
21:29:47.0060 0x1630  \Device\Harddisk0\DR0\Partition2 - ok
21:29:47.0060 0x1630  ================ Scan generic autorun ======================
21:29:47.0589 0x1630  [ F61770056D5428F92058743CB3D5C611, AA5868633F4F548794F99906D1527CCCD1FC2AF00EE95980E29BFCAB35A7A06F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:29:48.0084 0x1630  RTHDVCPL - ok
21:29:48.0149 0x1630  [ E8AE4ACB2CD8820148E1D9C07E48E652, 90BD819C1BEFDDE862919727296506BC9492169B2BE2A4DDC0A6CD037559DA9E ] C:\Windows\system32\igfxtray.exe
21:29:48.0185 0x1630  IgfxTray - ok
21:29:48.0255 0x1630  [ 07834FE829F58263C68606F885932DE8, 868707C181EFBC21B57D415583158425383F7D8CC9D0EA9EE322EADD293AF69B ] C:\Windows\system32\hkcmd.exe
21:29:48.0298 0x1630  HotKeysCmds - ok
21:29:48.0355 0x1630  [ 3858ECC97EAC5C3EBB7104E3A08E6C2C, CE8A897748DFDBA043D4244B18A6767D9834684ECDE425C0686659293DD59F06 ] C:\Windows\system32\igfxpers.exe
21:29:48.0419 0x1630  Persistence - ok
21:29:48.0496 0x1630  [ 3F1C67C99FF157349E04DCE25E1EDDA7, 3DB2AFDC3695AFE4703CAE7D73AB02790BC11401C2107CEFDBB76ED2B181FD31 ] C:\Program Files\DellTPad\Apoint.exe
21:29:48.0561 0x1630  Apoint - ok
21:29:48.0664 0x1630  [ 445962F0584117EAC182FE6895AACB4D, 0CF43354CEA056E662506992A641A09753E36A5A36FF4D3B1AB4F37397190AC7 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
21:29:48.0750 0x1630  AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
21:29:51.0261 0x1630  Detect skipped due to KSN trusted
21:29:51.0261 0x1630  AtherosBtStack - ok
21:29:51.0307 0x1630  [ E716CA5D6992132D28D99970696B8E13, 765994D4DC64A938B2230EA23F232E175DD153E3D1BE31269C61106E2B4CE335 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
21:29:51.0359 0x1630  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
21:29:53.0846 0x1630  Detect skipped due to KSN trusted
21:29:53.0846 0x1630  AthBtTray - ok
21:29:54.0208 0x1630  [ B86F92571034A5FD4869830AEBBECC14, D136A61F63F785FF655AF7CCCE055ACA8D84FEFCF923A6EE09C9004C833615A8 ] c:\Program Files\Dell\QuickSet\QuickSet.exe
21:29:54.0679 0x1630  QuickSet - detected UnsignedFile.Multi.Generic ( 1 )
21:29:57.0183 0x1630  Detect skipped due to KSN trusted
21:29:57.0183 0x1630  QuickSet - ok
21:29:57.0430 0x1630  [ 1136B11FB4B6A598051BD9648A798F7C, 9019F8479325959F8DC7415E5607AE7B90B6755F435D4E3D0E90D44CD25C2BCD ] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
21:29:57.0587 0x1630  Stage Remote - ok
21:29:57.0774 0x1630  [ 812DD9FBA5EF2136AEF738CAA499D47C, 239BF6A71916512FD3979DB334491C4FF399F5E95BE02F25A1DF81C171D17C42 ] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
21:29:57.0999 0x1630  DellStage - ok
21:29:58.0048 0x1630  [ 551E35BB15CF5BE0392B21361421EDC9, CD3AB4FD0B01474E76D0B5815D77D2A54B98E4F5887865CF8AB3EA8732DC2DCB ] C:\Program Files\360\360 Internet Security\360sdrun.exe
21:29:58.0116 0x1630  360sd - ok
21:29:58.0177 0x1630  [ FF0FAB199882C00D6DC54CA035865C49, BF4D65D96F8DC0057042C2A4B70106D156B0D13C75839935BC9051089363C495 ] C:\Program Files\iTunes\iTunesHelper.exe
21:29:58.0208 0x1630  iTunesHelper - ok
21:29:58.0295 0x1630  [ 2EF0B3C51971F51ED700C01CFBC5B82A, 5EF6CEFA0D7F38EDBE8A3BB518E49B82CDCDD8BC76E6019FD142A28A08D01223 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
21:29:58.0375 0x1630  Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
21:30:00.0852 0x1630  Detect skipped due to KSN trusted
21:30:00.0852 0x1630  Dell Webcam Central - ok
21:30:01.0058 0x1630  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:30:01.0218 0x1630  Sidebar - ok
21:30:01.0266 0x1630  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:30:01.0334 0x1630  mctadmin - ok
21:30:01.0429 0x1630  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:30:01.0573 0x1630  Sidebar - ok
21:30:01.0573 0x1630  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:30:01.0641 0x1630  mctadmin - ok
21:30:01.0801 0x1630  [ 5F51CC2A6061597BB53A408E98CE2318, 48D4BDAFC289E640779A78AF8E5DB686D712A5CB23492713A2A5B29A762123B5 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe
21:30:01.0879 0x1630  FlashPlayerUpdate - ok
21:30:01.0879 0x1630  Waiting for KSN requests completion. In queue: 9
21:30:02.0890 0x1630  Waiting for KSN requests completion. In queue: 9
21:30:03.0903 0x1630  Waiting for KSN requests completion. In queue: 9
21:30:04.0936 0x1630  AV detected via SS2: 360 Internet Security, C:\Program Files\360\360 Internet Security\WscControl.exe ( 4.9.0.4900 ), 0x51010 ( enabled : outofdate )
21:30:05.0121 0x1630  Win FW state via NFP2: enabled
21:30:09.0816 0x1630  ============================================================
21:30:09.0816 0x1630  Scan finished
21:30:09.0816 0x1630  ============================================================
21:30:09.0836 0x0d34  Detected object count: 0
21:30:09.0836 0x0d34  Actual detected object count: 0
21:30:31.0012 0x151c  Deinitialize success

schrauber · 28.06.2015, 12:23

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

renet · 28.06.2015, 18:30

Bei der Installation von ComboFix gab es eine Fehlermeldung:

Der Scan lief trotzdem ohne Probleme durch:

Code:

ATTFilter

ComboFix 15-06-27.01 - Sophie 28.06.2015  14:05:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3990.2401 [GMT 2:00]
ausgeführt von:: c:\users\Sophie\Desktop\ComboFix.exe
AV: 360 Internet Security *Disabled/Outdated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Disabled/Outdated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\360rec\20141107\185556F.vir
c:\360rec\20141209\132D7AE.vir
c:\360rec\20150127\202B112.vir
c:\360rec\20150616\192D174.vir
c:\programdata\PCDr\6584\AddOnDownloaded\909c2f24-5974-42a7-a041-bbc7c1411046.dll
c:\users\Sophie\AppData\Roaming\loadtbs
c:\users\Sophie\AppData\Roaming\loadtbs\config.txt
c:\users\Sophie\AppData\Roaming\loadtbs\domHash.txt
c:\users\Sophie\AppData\Roaming\loadtbs\evHash.txt
c:\users\Sophie\AppData\Roaming\loadtbs\keyHash.txt
c:\users\Sophie\AppData\Roaming\loadtbs\uninstall.exe
c:\users\Sophie\AppData\Roaming\loadtbs\updateHash.txt
c:\users\Sophie\AppData\Roaming\loadtbs\ytdl.exe
c:\users\Sophie\ChromeSetup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-28 bis 2015-06-28  ))))))))))))))))))))))))))))))
.
.
2015-06-28 12:20 . 2015-06-28 12:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-18 20:47 . 2015-06-18 20:47	--------	d-----w-	c:\programdata\Malwarebytes
2015-06-18 20:45 . 2015-06-27 19:23	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-18 20:45 . 2015-06-27 17:50	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-18 20:42 . 2015-06-27 17:49	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-17 21:38 . 2015-06-17 21:41	--------	d-----w-	C:\FRST
2015-06-17 19:18 . 2015-06-17 19:18	--------	d-sh--w-	c:\users\Sophie\AppData\Local\EmieUserList
2015-06-17 19:18 . 2015-06-17 19:18	--------	d-sh--w-	c:\users\Sophie\AppData\Local\EmieSiteList
2015-06-17 19:18 . 2015-06-17 19:18	--------	d-sh--w-	c:\users\Sophie\AppData\Local\EmieBrowserModeList
2015-06-17 18:59 . 2015-06-17 18:59	--------	d-----w-	C:\found.000
2015-06-16 17:28 . 2015-06-19 04:16	--------	d--h--w-	c:\programdata\{D612DEA7-41A3-483A-9F90-A49A62502B1B}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 09:44 . 2012-04-29 04:05	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 09:44 . 2012-04-29 04:05	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-18 09:28 . 2015-05-18 09:28	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-18 09:28 . 2015-05-18 09:28	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2015-05-18 09:27 . 2015-05-18 09:27	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-05-18 09:27 . 2015-05-18 09:27	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2015-05-18 09:27 . 2015-05-18 09:27	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2015-05-18 09:27 . 2015-05-18 09:27	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-18 09:27 . 2015-05-18 09:27	341504	----a-w-	c:\windows\SysWow64\html.iec
2015-05-18 09:27 . 2015-05-18 09:27	235008	----a-w-	c:\windows\system32\elshyph.dll
2015-05-18 09:27 . 2015-05-18 09:27	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-05-18 09:27 . 2015-05-18 09:27	1882112	----a-w-	c:\windows\SysWow64\wininet.dll
2015-05-18 09:27 . 2015-05-18 09:27	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2015-05-18 09:27 . 2015-05-18 09:27	942592	----a-w-	c:\windows\system32\jsIntl.dll
2015-05-18 09:27 . 2015-05-18 09:27	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2015-05-18 09:27 . 2015-05-18 09:27	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2015-05-18 09:27 . 2015-05-18 09:27	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2015-05-18 09:27 . 2015-05-18 09:27	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-05-18 09:27 . 2015-05-18 09:27	81408	----a-w-	c:\windows\system32\icardie.dll
2015-05-18 09:27 . 2015-05-18 09:27	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-05-18 09:27 . 2015-05-18 09:27	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 09:27 . 2015-05-18 09:27	77312	----a-w-	c:\windows\system32\tdc.ocx
2015-05-18 09:27 . 2015-05-18 09:27	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2015-05-18 09:27 . 2015-05-18 09:27	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-05-18 09:27 . 2015-05-18 09:27	633856	----a-w-	c:\windows\system32\ieui.dll
2015-05-18 09:27 . 2015-05-18 09:27	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-05-18 09:27 . 2015-05-18 09:27	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-05-18 09:27 . 2015-05-18 09:27	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2015-05-18 09:27 . 2015-05-18 09:27	6025728	----a-w-	c:\windows\system32\jscript9.dll
2015-05-18 09:27 . 2015-05-18 09:27	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-05-18 09:27 . 2015-05-18 09:27	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2015-05-18 09:27 . 2015-05-18 09:27	504320	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-05-18 09:27 . 2015-05-18 09:27	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-05-18 09:27 . 2015-05-18 09:27	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2015-05-18 09:27 . 2015-05-18 09:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2015-05-18 09:27 . 2015-05-18 09:27	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-05-18 09:27 . 2015-05-18 09:27	4305920	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-05-18 09:27 . 2015-05-18 09:27	417792	----a-w-	c:\windows\system32\html.iec
2015-05-18 09:27 . 2015-05-18 09:27	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2015-05-18 09:27 . 2015-05-18 09:27	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-05-18 09:27 . 2015-05-18 09:27	2885120	----a-w-	c:\windows\system32\iertutil.dll
2015-05-18 09:27 . 2015-05-18 09:27	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-05-18 09:27 . 2015-05-18 09:27	247808	----a-w-	c:\windows\system32\msls31.dll
2015-05-18 09:27 . 2015-05-18 09:27	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2015-05-18 09:27 . 2015-05-18 09:27	2352128	----a-w-	c:\windows\system32\wininet.dll
2015-05-18 09:27 . 2015-05-18 09:27	199680	----a-w-	c:\windows\system32\msrating.dll
2015-05-18 09:27 . 2015-05-18 09:27	1547264	----a-w-	c:\windows\system32\urlmon.dll
2015-05-18 09:27 . 2015-05-18 09:27	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2015-05-18 09:27 . 2015-05-18 09:27	14401536	----a-w-	c:\windows\system32\ieframe.dll
2015-05-18 09:27 . 2015-05-18 09:27	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2015-05-18 09:27 . 2015-05-18 09:27	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2015-05-18 09:27 . 2015-05-18 09:27	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2015-05-18 09:27 . 2015-05-18 09:27	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2015-05-18 09:27 . 2015-05-18 09:27	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-05-18 09:27 . 2015-05-18 09:27	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-05-18 09:27 . 2015-05-18 09:27	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2015-05-18 09:27 . 2015-05-18 09:27	105984	----a-w-	c:\windows\system32\iesysprep.dll
2015-05-18 09:27 . 2015-05-18 09:27	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-05-18 09:27 . 2015-05-18 09:27	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-05-18 09:27 . 2015-05-18 09:27	816640	----a-w-	c:\windows\system32\jscript.dll
2015-05-18 09:27 . 2015-05-18 09:27	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-05-18 09:27 . 2015-05-18 09:27	720384	----a-w-	c:\windows\system32\ie4uinit.exe
2015-05-18 09:27 . 2015-05-18 09:27	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-05-18 09:27 . 2015-05-18 09:27	62464	----a-w-	c:\windows\system32\pngfilt.dll
2015-05-18 09:27 . 2015-05-18 09:27	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-05-18 09:27 . 2015-05-18 09:27	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-05-18 09:27 . 2015-05-18 09:27	48128	----a-w-	c:\windows\system32\imgutil.dll
2015-05-18 09:27 . 2015-05-18 09:27	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-05-18 09:27 . 2015-05-18 09:27	389840	----a-w-	c:\windows\system32\iedkcs32.dll
2015-05-18 09:27 . 2015-05-18 09:27	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-05-18 09:27 . 2015-05-18 09:27	30208	----a-w-	c:\windows\system32\licmgr10.dll
2015-05-18 09:27 . 2015-05-18 09:27	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-05-18 09:27 . 2015-05-18 09:27	24971776	----a-w-	c:\windows\system32\mshtml.dll
2015-05-18 09:27 . 2015-05-18 09:27	243200	----a-w-	c:\windows\system32\webcheck.dll
2015-05-18 09:27 . 2015-05-18 09:27	235520	----a-w-	c:\windows\system32\url.dll
2015-05-18 09:27 . 2015-05-18 09:27	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-05-18 09:27 . 2015-05-18 09:27	167424	----a-w-	c:\windows\system32\iexpress.exe
2015-05-18 09:27 . 2015-05-18 09:27	147968	----a-w-	c:\windows\system32\occache.dll
2015-05-18 09:27 . 2015-05-18 09:27	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-05-18 09:27 . 2015-05-18 09:27	143872	----a-w-	c:\windows\system32\wextract.exe
2015-05-18 09:27 . 2015-05-18 09:27	13824	----a-w-	c:\windows\system32\mshta.exe
2015-05-18 09:27 . 2015-05-18 09:27	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-05-18 09:27 . 2015-05-18 09:27	135680	----a-w-	c:\windows\system32\iepeers.dll
2015-05-18 09:27 . 2015-05-18 09:27	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-05-18 09:27 . 2015-05-18 09:27	101376	----a-w-	c:\windows\system32\inseng.dll
2015-05-18 09:25 . 2015-05-18 09:25	878080	----a-w-	c:\windows\system32\advapi32.dll
2015-05-18 09:25 . 2015-05-18 09:25	859648	----a-w-	c:\windows\system32\tdh.dll
2015-05-18 09:25 . 2015-05-18 09:25	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2015-05-18 09:25 . 2015-05-18 09:25	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-05-18 09:25 . 2015-05-18 09:25	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-18 09:25 . 2015-05-18 09:25	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-18 09:25 . 2015-05-18 09:25	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-18 09:25 . 2015-05-18 09:25	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-18 09:25 . 2015-05-18 09:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 09:25 . 2015-05-18 09:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-11 18:14	220632	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-11 18:14	220632	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-11 18:14	220632	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
S1 360fsflt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S2 360rp;360 Internet Security Real-time Protection Loading Service;c:\program files\360\360 Internet Security\360rps.exe;c:\program files\360\360 Internet Security\360rps.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZhuDongFangYu;Proactive Defence;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PCDSRVC{3B54B31B-D06B6431-06020200}_0
*Deregistered* - PCDSRVC{3B54B31B-D06B6431-06020200}_0
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 09:44]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 02:04]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 02:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-11 18:14	244696	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-11 18:14	244696	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-11 18:14	244696	----a-w-	c:\users\Sophie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-05-19 13:22	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"360sd"="c:\program files\360\360 Internet Security\360sdrun.exe" [2014-04-16 287560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-28  14:32:41
ComboFix-quarantined-files.txt  2015-06-28 12:32
.
Vor Suchlauf: 17 Verzeichnis(se), 382.745.067.520 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 390.469.275.648 Bytes frei
.
- - End Of File - - 2B7598CB99861A40A64546748424727B

schrauber · 29.06.2015, 12:02

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

renet · 30.06.2015, 15:55

Here we go. (MBAM siehe Anhang, weil zu lang.)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.207 - Bericht erstellt 29/06/2015 um 22:56:35
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sophie - SOPHIE-PC
# Gestarted von : C:\Users\Sophie\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Sophie\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sophie\AppData\Local\pokki
Ordner Gelöscht : C:\Users\Sophie\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sophie\Documents\Updater
[!] Ordner Gelöscht : C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\yasearch@yandex.ru
Ordner Gelöscht : C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\Extensions\vb@yandex.ru
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\searchplugins\yqs-barff-yandex.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FE6EED70-6491-4692-B0FE-F1E818AB580C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\iLividSRTB
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v

[232biimb.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6508781412674028&o=APN10645&q=");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3628 Bytes] - [29/06/2015 20:11:44]
AdwCleaner[S0].txt - [3022 Bytes] - [29/06/2015 22:56:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3081  Bytes] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.3 (06.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sophie on 30.06.2015 at 16:29:48,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sophie\appdata\local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Sophie\AppData\Roaming\pcdr



~~~ FireFox




~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

[C:\Users\Sophie\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sophie\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Sophie\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sophie\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2015 at 16:39:42,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Sophie (administrator) on SOPHIE-PC on 30-06-2015 16:44:23
Running from C:\Users\Sophie\Desktop
Loaded Profiles: Sophie (Available Profiles: Sophie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sdupd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> {4108A944-B095-421A-ADBE-CBD71A773B08} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2015-05-18] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2015-05-18] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1F07790A-810A-48E6-92E7-9CB96E372E6D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8357BF13-81FF-4290-B65D-70A90D22E771}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default
FF NewTab: yafd:tabs
FF Homepage: hxxp://www.yandex.ru/?clid=1923017
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\extensions\vb@yandex.ru [not found]
FF Extension: No Name - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\extensions\yasearch@yandex.ru [not found]
FF Extension: No Name - C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Google Drive Client Native Proxy) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknebiagdodnminbdpflhpkgfpeijdbf [2014-08-09]
CHR Extension: (Google Wallet) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sophie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-24]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nknebiagdodnminbdpflhpkgfpeijdbf] - C:\Users\Sophie\AppData\Local\Google\Drive\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-05] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-07-22] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 16:44 - 2015-06-30 16:44 - 00016284 _____ C:\Users\Sophie\Desktop\FRST.txt
2015-06-30 16:44 - 2015-06-30 16:44 - 00000000 ____D C:\Users\Sophie\Desktop\FRST-OlderVersion
2015-06-30 16:39 - 2015-06-30 16:39 - 00001604 _____ C:\Users\Sophie\Desktop\JRT.txt
2015-06-30 16:29 - 2015-06-30 16:29 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SOPHIE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-30 16:29 - 2015-06-30 16:29 - 00000000 ____D C:\RegBackup
2015-06-30 16:28 - 2015-06-30 16:28 - 02951929 _____ (Malwarebytes Corporation) C:\Users\Sophie\Desktop\JRT.exe
2015-06-29 20:11 - 2015-06-29 22:56 - 00000000 ____D C:\AdwCleaner
2015-06-29 20:10 - 2015-06-29 20:10 - 02244096 _____ C:\Users\Sophie\Desktop\AdwCleaner_4.207.exe
2015-06-29 20:09 - 2015-06-29 20:09 - 00127321 _____ C:\Users\Sophie\Desktop\mbam.txt
2015-06-29 17:26 - 2015-06-29 17:26 - 00001104 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-29 17:26 - 2015-06-29 17:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-29 17:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 17:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 17:25 - 2015-06-29 17:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sophie\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-28 14:32 - 2015-06-28 14:32 - 00032402 _____ C:\ComboFix.txt
2015-06-28 14:01 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-28 14:01 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-28 14:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-28 13:59 - 2015-06-28 14:32 - 00000000 ____D C:\Qoobox
2015-06-28 13:57 - 2015-06-28 14:29 - 00000000 ____D C:\Windows\erdnt
2015-06-28 13:55 - 2015-06-28 13:55 - 05630589 ____R (Swearware) C:\Users\Sophie\Desktop\ComboFix.exe
2015-06-27 21:25 - 2015-06-27 21:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sophie\Desktop\tdsskiller.exe
2015-06-18 22:47 - 2015-06-29 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-18 22:45 - 2015-06-30 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 22:45 - 2015-06-27 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-18 22:42 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 22:41 - 2015-06-27 21:23 - 00000000 ____D C:\Users\Sophie\Desktop\mbar
2015-06-18 22:40 - 2015-06-18 22:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sophie\Desktop\mbar-1.09.1.1004.exe
2015-06-18 20:34 - 2015-06-18 20:34 - 00118788 _____ C:\Users\Sophie\Desktop\beitragkomplett.txt
2015-06-18 00:19 - 2015-06-18 09:15 - 00010970 _____ C:\Users\Sophie\Desktop\GMER.log
2015-06-18 00:00 - 2015-06-18 00:00 - 00266288 _____ C:\Windows\Minidump\061815-17113-01.dmp
2015-06-17 23:40 - 2015-06-17 23:41 - 00031208 _____ C:\Users\Sophie\Desktop\Addition.txt
2015-06-17 23:38 - 2015-06-30 16:44 - 00000000 ____D C:\FRST
2015-06-17 23:30 - 2015-06-17 23:30 - 00000584 _____ C:\Users\Sophie\Desktop\defogger_disable.log
2015-06-17 23:30 - 2015-06-17 23:30 - 00000020 _____ C:\Users\Sophie\defogger_reenable
2015-06-17 23:28 - 2015-06-17 23:28 - 00380416 _____ C:\Users\Sophie\Desktop\pybic4e9.exe
2015-06-17 23:27 - 2015-06-30 16:44 - 02112512 _____ (Farbar) C:\Users\Sophie\Desktop\FRST64.exe
2015-06-17 23:26 - 2015-06-17 23:26 - 00050477 _____ C:\Users\Sophie\Desktop\Defogger.exe
2015-06-17 23:20 - 2015-06-17 23:20 - 00001519 _____ C:\Users\Sophie\Desktop\forum_beitrag.txt
2015-06-17 23:16 - 2015-06-17 23:16 - 00010333 _____ C:\Users\Sophie\Desktop\hijackthis_abgesichert.log
2015-06-17 21:29 - 2015-06-17 21:29 - 09723600 _____ (Microsoft Corporation) C:\Users\Sophie\Desktop\WindowsUpdateAgent-7.6-x86.exe
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieUserList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieSiteList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieBrowserModeList
2015-06-17 20:59 - 2015-06-17 20:59 - 00000000 ____D C:\found.000
2015-06-17 20:41 - 2015-06-17 20:41 - 00000000 ____D C:\Windows\pss
2015-06-17 19:57 - 2015-06-17 20:12 - 00015153 _____ C:\Users\Sophie\Desktop\hijackthis_normal.log
2015-06-17 19:54 - 2015-06-17 19:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sophie\Desktop\HijackThis.exe
2015-06-16 19:28 - 2015-06-19 06:16 - 00000000 ___HD C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 16:44 - 2012-04-29 06:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 16:31 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 16:31 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 16:29 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Sophie\Documents\Bluetooth Folder
2015-06-30 16:29 - 2010-11-21 08:50 - 22276266 _____ C:\Windows\system32\perfh007.dat
2015-06-30 16:29 - 2010-11-21 08:50 - 07176498 _____ C:\Windows\system32\perfc007.dat
2015-06-30 16:29 - 2009-07-14 07:13 - 00006078 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 16:24 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-30 16:24 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-30 16:24 - 2012-04-29 06:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-30 16:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 16:24 - 2009-07-14 06:51 - 00092803 _____ C:\Windows\setupact.log
2015-06-30 16:23 - 2010-11-21 05:47 - 00814982 _____ C:\Windows\PFRO.log
2015-06-30 16:22 - 2012-04-28 22:53 - 01452079 _____ C:\Windows\WindowsUpdate.log
2015-06-28 14:32 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2015-06-28 14:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-28 14:19 - 2012-05-04 19:41 - 00000000 ____D C:\Users\Sophie
2015-06-28 13:55 - 2014-08-09 17:55 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\360safe
2015-06-27 19:47 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 08:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-18 08:13 - 2012-05-05 16:10 - 00000000 ____D C:\Users\Sophie\AppData\Local\CrashDumps
2015-06-18 00:00 - 2013-09-15 11:29 - 533258127 _____ C:\Windows\MEMORY.DMP
2015-06-18 00:00 - 2013-09-15 11:29 - 00000000 ____D C:\Windows\Minidump
2015-06-17 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 20:10 - 2012-05-07 18:08 - 00000000 ____D C:\Users\Sophie\AppData\Local\Nero
2015-06-17 19:52 - 2015-05-06 21:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 19:50 - 2013-04-30 04:07 - 00000000 ___RD C:\Users\Sophie\Google Drive
2015-06-17 19:50 - 2012-05-23 17:17 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Skype
2015-06-17 11:56 - 2012-05-04 19:49 - 00001371 _____ C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-17 10:42 - 2014-04-28 19:49 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Spotify
2015-06-17 09:45 - 2014-04-28 19:51 - 00000000 ____D C:\Users\Sophie\AppData\Local\Spotify
2015-06-15 12:50 - 2014-09-20 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-14 11:44 - 2013-04-30 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 11:08 - 2012-07-29 13:30 - 00012702 _____ C:\Users\Sophie\Documents\NewDatabase_Keypass.kdbx
2015-06-10 11:44 - 2012-04-29 06:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 11:44 - 2012-04-29 06:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 11:44 - 2012-04-29 06:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2012-08-20 15:06 - 2012-08-21 18:22 - 0000000 ____H () C:\Users\Sophie\AppData\Roaming\windrvconfig.txt
2013-05-13 22:49 - 2013-05-13 22:49 - 0000084 _____ () C:\Users\Sophie\AppData\Local\DVDPATH.TXT
2012-05-13 07:53 - 2012-05-13 07:53 - 0000000 _____ () C:\Users\Sophie\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}

ZeroAccess:
C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}

Files to move or delete:
====================
C:\Users\Sophie\FirefoxSetup.exe
C:\Users\Sophie\Opera_1202_int_Setup.exe
C:\Users\Sophie\SkypeSetup.exe


Some files in TEMP:
====================
C:\Users\Sophie\AppData\Local\Temp\Quarantine.exe
C:\Users\Sophie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-28 14:50

==================== End of log ============================

schrauber · 01.07.2015, 05:52

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

renet · 01.07.2015, 11:13

Die verdächtigen Prozesse sind nicht mehr vorhanden im Task Manager.

Das war aber glaube ich schon so, nachdem MBAR den Rechner neu gestartet hatte.

Leider funktioniert das Windows Update weiterhin nicht. Es wurde vermutlich von einer der Viren deinstalliert? Kannst du mir dabei helfen, es wieder zu installieren?

Anbei die Log-Dateien. Eine Frage habe ich aber noch: ESET hatte 31 Funde, aber ich habe die Option "Entdeckte Bedrohungen entfernen" ja deaktiviert. Was geschieht denn nun mit den Funden? Ich würde sie schon gerne löschen - oder ist das nicht nötig?

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c74869d814281c4fa9e968f03f3c80fe
# end=init
# utc_time=2015-07-01 07:02:59
# local_time=2015-07-01 09:02:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c74869d814281c4fa9e968f03f3c80fe
# end=init
# utc_time=2015-07-01 07:08:18
# local_time=2015-07-01 09:08:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24584
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c74869d814281c4fa9e968f03f3c80fe
# end=updated
# utc_time=2015-07-01 07:10:48
# local_time=2015-07-01 09:10:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c74869d814281c4fa9e968f03f3c80fe
# engine=24584
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-01 09:45:03
# local_time=2015-07-01 11:45:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 145425303 187373753 0 0
# compatibility_mode_1='360 Internet Security'
# compatibility_mode=16642 16777213 100 98 9873 74469310 0 0
# scanned=257598
# found=31
# cleaned=0
# scan_time=9254
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=ED5788B177CA8065A704FEBD7A037E97BBEE92D8 ft=1 fh=180bdf1c411327c5 vn="Variante von Win32/LoadTubes.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Sophie\AppData\Roaming\loadtbs\uninstall.exe.vir"
sh=2503638237A9469DCB691D06A5701C55C66644D3 ft=1 fh=7d1eeff0aaa50cda vn="Win32/Toolbar.SearchSuite evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$RECYCLE.BIN\S-1-5-21-3075084587-570557683-2351437684-1000\$R83PKSR.exe"
sh=1D3BC6AF95D2B271D66757D0C76A09F5C6EC111C ft=1 fh=fe9306a65cf046c5 vn="Win32/Conduit.SearchProtect.J evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$RECYCLE.BIN\S-1-5-21-3075084587-570557683-2351437684-1000\$RMCPB4M.exe"
sh=7BA36A4CE1E6BA5EF490AAEA375B813DA63E5C28 ft=1 fh=438176683fa27dfc vn="Win32/SoftonicDownloader.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$RECYCLE.BIN\S-1-5-21-3075084587-570557683-2351437684-1000\$RU8BHPX.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Winload\ldrtbWinl.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Winload\prxtbWinl.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Winload\tbWinl.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Winload\WinloadToolbarHelper.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe"
sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU5T0Y\statisticsstub[1].exe"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\conduitinstaller.exe"
sh=F00DE4012A30D11877ED36FA147F0386F19B518D ft=1 fh=c71c00117f9d4383 vn="Variante von Win32/Toolbar.SearchSuite.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\installhelper.dll"
sh=4C608AF800DCBFAFAF964581B6823AAD45D72F6E ft=1 fh=c71c00116734e13b vn="Variante von Win32/Toolbar.SearchSuite.AD evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\SRAssetsHelper.dll"
sh=4A18A4489A09ADC861439835521DB948B06FBF33 ft=1 fh=4629051b53d91c32 vn="Win32/Toolbar.Conduit evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ct2319825\ieLogic.exe"
sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ct2319825\statisticsStub.exe"
sh=C9AE55F15B28459248B14CDDB03B3E33478C774A ft=1 fh=578a4d6752204186 vn="Win32/LoadTubes.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ltsilentio\npm.dll"
sh=ED5788B177CA8065A704FEBD7A037E97BBEE92D8 ft=1 fh=180bdf1c411327c5 vn="Variante von Win32/LoadTubes.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ltsilentio\Setup.exe"
sh=3688C37930585EF4D3689AEAF78297CE8893CCE3 ft=1 fh=9c7b498cf0067834 vn="Variante von Win32/LoadTubes.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ltsilentio\toolbar.dll"
sh=EEF40F3F5B9E8A15E6C31C13F092321B52B58ADE ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ltsilentio\chrome@loadtubes.com\background.js"
sh=121A47B1DE7B73677B7EEFFA9DE86C1264A41633 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Local\Temp\ltsilentio\software@loadtubes.com\chrome\content\loadtbs.js"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\LocalLow\Winload\ldrtbWinl.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\LocalLow\Winload\tbWinl.dll"
sh=3688C37930585EF4D3689AEAF78297CE8893CCE3 ft=1 fh=9c7b498cf0067834 vn="Variante von Win32/LoadTubes.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Roaming\loadtbs\toolbar.dll"
sh=ED5788B177CA8065A704FEBD7A037E97BBEE92D8 ft=1 fh=180bdf1c411327c5 vn="Variante von Win32/LoadTubes.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Roaming\loadtbs\uninstall.exe"
sh=28004160728B1F01ED5DDB1971E24BC3FF65C132 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js"
sh=AB921069C2BBE7343E9C43F01DFFC7240AE69C0F ft=1 fh=b399c82e2f993e66 vn="Win32/InstalleRex.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\Downloads\Bruno Mars - Locked Out Of Heaven [Official Music Video].mp3.exe"
sh=B5406ABAF22C04B346B765B70CCBE96EBD92BA32 ft=1 fh=726dbab417421b85 vn="Win32/Toolbar.SearchSuite evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\Downloads\iLividSetup.exe"
sh=581EF4F27D5560920BE434FC64ED1430D25EDF38 ft=1 fh=824a9c3fc506c182 vn="Win32/InstalleRex.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\Downloads\Vampire Diaries 3x02 Jason Walker - Echo.mp3.exe"
sh=4393B28D5AD414689EAEA09FF505C6A6427667A1 ft=1 fh=28b83d50dc5a3ad1 vn="Win32/InstalleRex.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Sophie\Downloads\Vampire Diaries Soundtrack- Holding on and Letting go.mp3.exe"

Security Check:

Code:

ATTFilter

Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
360 Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 17.0.0.188 Flash Player out of Date!  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Sophie (administrator) on SOPHIE-PC on 01-07-2015 12:03:30
Running from C:\Users\Sophie\Desktop
Loaded Profiles: Sophie (Available Profiles: Sophie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\RunOnce: [PC-Doctor for Windows REBOOT] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3075084587-570557683-2351437684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {91DF08E6-BA8D-4989-926E-191C59F06182} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3075084587-570557683-2351437684-1000 -> {4108A944-B095-421A-ADBE-CBD71A773B08} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2015-05-18] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2015-05-18] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1F07790A-810A-48E6-92E7-9CB96E372E6D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8357BF13-81FF-4290-B65D-70A90D22E771}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default
FF NewTab: yafd:tabs
FF Homepage: hxxp://www.yandex.ru/?clid=1923017
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\extensions\vb@yandex.ru [not found]
FF Extension: No Name - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\232biimb.default\extensions\yasearch@yandex.ru [not found]
FF Extension: No Name - C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Google Drive Client Native Proxy) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknebiagdodnminbdpflhpkgfpeijdbf [2014-08-09]
CHR Extension: (Google Wallet) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sophie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-24]
CHR HKU\S-1-5-21-3075084587-570557683-2351437684-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nknebiagdodnminbdpflhpkgfpeijdbf] - C:\Users\Sophie\AppData\Local\Google\Drive\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-05] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-07-22] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 12:03 - 2015-07-01 12:03 - 00018638 _____ C:\Users\Sophie\Desktop\FRST.txt
2015-07-01 12:02 - 2015-07-01 12:02 - 00000736 _____ C:\Users\Sophie\Desktop\checkup.txt
2015-07-01 11:51 - 2015-07-01 11:51 - 00852662 _____ C:\Users\Sophie\Desktop\SecurityCheck.exe
2015-07-01 11:49 - 2015-07-01 11:45 - 00009841 _____ C:\Users\Sophie\Desktop\eset.txt
2015-07-01 09:56 - 2015-07-01 10:19 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-07-01 09:56 - 2015-07-01 09:56 - 00004034 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-07-01 09:55 - 2015-07-01 09:55 - 00003222 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-01 09:55 - 2015-07-01 09:55 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-07-01 09:55 - 2015-07-01 09:55 - 00000000 ____D C:\Program Files\Dell Support Center
2015-07-01 09:49 - 2015-07-01 09:49 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-07-01 09:49 - 2015-07-01 09:49 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2015-07-01 09:47 - 2015-07-01 10:19 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-07-01 09:45 - 2015-07-01 09:50 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\PCDr
2015-07-01 09:43 - 2015-07-01 09:52 - 00000000 ____D C:\ProgramData\PCDr
2015-07-01 09:01 - 2015-07-01 09:02 - 02870984 _____ (ESET) C:\Users\Sophie\Desktop\esetsmartinstaller_deu.exe
2015-07-01 08:57 - 2015-07-01 08:57 - 00000000 ___RD C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-30 16:59 - 2015-06-30 16:59 - 00005239 _____ C:\Users\Sophie\Desktop\mbam.zip
2015-06-30 16:44 - 2015-06-30 16:44 - 00000000 ____D C:\Users\Sophie\Desktop\FRST-OlderVersion
2015-06-30 16:39 - 2015-06-30 16:39 - 00001604 _____ C:\Users\Sophie\Desktop\JRT.txt
2015-06-30 16:29 - 2015-06-30 16:29 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SOPHIE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-30 16:29 - 2015-06-30 16:29 - 00000000 ____D C:\RegBackup
2015-06-30 16:28 - 2015-06-30 16:28 - 02951929 _____ (Malwarebytes Corporation) C:\Users\Sophie\Desktop\JRT.exe
2015-06-29 20:11 - 2015-06-29 22:56 - 00000000 ____D C:\AdwCleaner
2015-06-29 20:10 - 2015-06-29 20:10 - 02244096 _____ C:\Users\Sophie\Desktop\AdwCleaner_4.207.exe
2015-06-29 20:09 - 2015-06-29 20:09 - 00127321 _____ C:\Users\Sophie\Desktop\mbam.txt
2015-06-29 17:26 - 2015-06-29 17:26 - 00001104 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-29 17:26 - 2015-06-29 17:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-29 17:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 17:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 17:25 - 2015-06-29 17:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sophie\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-28 14:32 - 2015-06-28 14:32 - 00032402 _____ C:\ComboFix.txt
2015-06-28 14:01 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-28 14:01 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-28 14:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-28 14:01 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-28 13:59 - 2015-06-28 14:32 - 00000000 ____D C:\Qoobox
2015-06-28 13:57 - 2015-06-28 14:29 - 00000000 ____D C:\Windows\erdnt
2015-06-28 13:55 - 2015-06-28 13:55 - 05630589 ____R (Swearware) C:\Users\Sophie\Desktop\ComboFix.exe
2015-06-27 21:25 - 2015-06-27 21:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sophie\Desktop\tdsskiller.exe
2015-06-18 22:47 - 2015-06-29 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-18 22:45 - 2015-07-01 08:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 22:45 - 2015-06-27 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-18 22:42 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 22:41 - 2015-06-27 21:23 - 00000000 ____D C:\Users\Sophie\Desktop\mbar
2015-06-18 22:40 - 2015-06-18 22:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sophie\Desktop\mbar-1.09.1.1004.exe
2015-06-18 20:34 - 2015-06-18 20:34 - 00118788 _____ C:\Users\Sophie\Desktop\beitragkomplett.txt
2015-06-18 00:19 - 2015-06-18 09:15 - 00010970 _____ C:\Users\Sophie\Desktop\GMER.log
2015-06-18 00:00 - 2015-06-18 00:00 - 00266288 _____ C:\Windows\Minidump\061815-17113-01.dmp
2015-06-17 23:40 - 2015-06-17 23:41 - 00031208 _____ C:\Users\Sophie\Desktop\Addition.txt
2015-06-17 23:38 - 2015-07-01 12:03 - 00000000 ____D C:\FRST
2015-06-17 23:30 - 2015-06-17 23:30 - 00000584 _____ C:\Users\Sophie\Desktop\defogger_disable.log
2015-06-17 23:30 - 2015-06-17 23:30 - 00000020 _____ C:\Users\Sophie\defogger_reenable
2015-06-17 23:28 - 2015-06-17 23:28 - 00380416 _____ C:\Users\Sophie\Desktop\pybic4e9.exe
2015-06-17 23:27 - 2015-06-30 16:44 - 02112512 _____ (Farbar) C:\Users\Sophie\Desktop\FRST64.exe
2015-06-17 23:26 - 2015-06-17 23:26 - 00050477 _____ C:\Users\Sophie\Desktop\Defogger.exe
2015-06-17 23:20 - 2015-06-17 23:20 - 00001519 _____ C:\Users\Sophie\Desktop\forum_beitrag.txt
2015-06-17 23:16 - 2015-06-17 23:16 - 00010333 _____ C:\Users\Sophie\Desktop\hijackthis_abgesichert.log
2015-06-17 21:29 - 2015-06-17 21:29 - 09723600 _____ (Microsoft Corporation) C:\Users\Sophie\Desktop\WindowsUpdateAgent-7.6-x86.exe
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieUserList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieSiteList
2015-06-17 21:18 - 2015-06-17 21:18 - 00000000 __SHD C:\Users\Sophie\AppData\Local\EmieBrowserModeList
2015-06-17 20:59 - 2015-06-17 20:59 - 00000000 ____D C:\found.000
2015-06-17 20:41 - 2015-06-17 20:41 - 00000000 ____D C:\Windows\pss
2015-06-17 19:57 - 2015-06-17 20:12 - 00015153 _____ C:\Users\Sophie\Desktop\hijackthis_normal.log
2015-06-17 19:54 - 2015-06-17 19:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sophie\Desktop\HijackThis.exe
2015-06-16 19:28 - 2015-06-19 06:16 - 00000000 ___HD C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 11:54 - 2012-04-28 22:53 - 01466329 _____ C:\Windows\WindowsUpdate.log
2015-07-01 11:44 - 2012-04-29 06:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 09:55 - 2012-04-29 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-01 09:49 - 2012-04-29 06:50 - 00000000 ____D C:\Program Files\Dell
2015-07-01 09:48 - 2012-04-29 07:30 - 00000000 ____D C:\ProgramData\Dell
2015-07-01 09:47 - 2012-04-29 07:04 - 00000000 ____D C:\Program Files (x86)\Dell
2015-07-01 08:58 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 08:58 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 08:57 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Sophie\Documents\Bluetooth Folder
2015-07-01 08:57 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-01 08:57 - 2012-04-29 07:01 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-01 08:57 - 2012-04-29 06:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-01 08:55 - 2010-11-21 08:50 - 22306210 _____ C:\Windows\system32\perfh007.dat
2015-07-01 08:55 - 2010-11-21 08:50 - 07186330 _____ C:\Windows\system32\perfc007.dat
2015-07-01 08:55 - 2009-07-14 07:13 - 00006078 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 08:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 08:50 - 2010-11-21 05:47 - 00819748 _____ C:\Windows\PFRO.log
2015-07-01 08:50 - 2009-07-14 06:51 - 00092859 _____ C:\Windows\setupact.log
2015-06-28 14:32 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2015-06-28 14:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-28 14:19 - 2012-05-04 19:41 - 00000000 ____D C:\Users\Sophie
2015-06-28 13:55 - 2014-08-09 17:55 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\360safe
2015-06-27 19:47 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 08:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-18 08:13 - 2012-05-05 16:10 - 00000000 ____D C:\Users\Sophie\AppData\Local\CrashDumps
2015-06-18 00:00 - 2013-09-15 11:29 - 533258127 _____ C:\Windows\MEMORY.DMP
2015-06-18 00:00 - 2013-09-15 11:29 - 00000000 ____D C:\Windows\Minidump
2015-06-17 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 20:10 - 2012-05-07 18:08 - 00000000 ____D C:\Users\Sophie\AppData\Local\Nero
2015-06-17 19:52 - 2015-05-06 21:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 19:50 - 2013-04-30 04:07 - 00000000 ___RD C:\Users\Sophie\Google Drive
2015-06-17 19:50 - 2012-05-23 17:17 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Skype
2015-06-17 11:56 - 2012-05-04 19:49 - 00001371 _____ C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-17 11:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-17 10:42 - 2014-04-28 19:49 - 00000000 ____D C:\Users\Sophie\AppData\Roaming\Spotify
2015-06-17 09:45 - 2014-04-28 19:51 - 00000000 ____D C:\Users\Sophie\AppData\Local\Spotify
2015-06-15 12:50 - 2014-09-20 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-14 11:44 - 2013-04-30 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-12 11:08 - 2012-07-29 13:30 - 00012702 _____ C:\Users\Sophie\Documents\NewDatabase_Keypass.kdbx
2015-06-10 11:44 - 2012-04-29 06:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 11:44 - 2012-04-29 06:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 11:44 - 2012-04-29 06:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2012-08-20 15:06 - 2012-08-21 18:22 - 0000000 ____H () C:\Users\Sophie\AppData\Roaming\windrvconfig.txt
2013-05-13 22:49 - 2013-05-13 22:49 - 0000084 _____ () C:\Users\Sophie\AppData\Local\DVDPATH.TXT
2012-05-13 07:53 - 2012-05-13 07:53 - 0000000 _____ () C:\Users\Sophie\AppData\Local\rx_image32.Cache

ZeroAccess:
C:\Windows\Installer\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}

ZeroAccess:
C:\Users\Sophie\AppData\Local\{07520515-0e79-69ef-f5fa-e9a7dd55b95b}

Files to move or delete:
====================
C:\Users\Sophie\FirefoxSetup.exe
C:\Users\Sophie\Opera_1202_int_Setup.exe
C:\Users\Sophie\SkypeSetup.exe


Some files in TEMP:
====================
C:\Users\Sophie\AppData\Local\Temp\Quarantine.exe
C:\Users\Sophie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-28 14:50

==================== End of log ============================

schrauber · 02.07.2015, 06:09

Windows Repair Tool laufen lassen:
Windows reparieren - so geht's - Anleitungen

renet · 02.07.2015, 20:57

Okay, das scheint geklappt zu haben. Trotzdem habe ich noch folgende Fragen:

1. Was ist mit den ESET Funden? Soll ich diese ignorieren, oder kann ich sie getrost mit dem ESET Scanner löschen lassen?
2. Ist das System meiner Freundin damit erstmal wieder Malware-frei?
3. Darf ich den Re-Enable Button von defogger jetzt betätigen?

Vielen lieben Dank für dein Unterstützung!

schrauber · 03.07.2015, 07:19

Die werden beim Aufräumen gelöscht

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

02.07.2015, 06:09	#10
schrauber /// the machine /// TB-Ausbilder	Win 7 SP1 64-bit: Verdächtige Prozesse und deaktiviertes Windows Update Windows Repair Tool laufen lassen: Windows reparieren - so geht's - Anleitungen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Win 7 SP1 64-bit: Verdächtige Prozesse und deaktiviertes Windows Update

Log-Analyse und Auswertung: Win 7 SP1 64-bit: Verdächtige Prozesse und deaktiviertes Windows Update