|
Log analysis and evaluation: Win32 files are moving and deleting themselves, virus or possibly Trojan. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
26.08.2015, 19:10 | #1 |
| Win32 files are moving and deleting themselves, virus or possibly Trojan Hello, today I noticed a window pop up in the top left; it lasted 3-4 seconds, and System32 files were deleted and moved. Since then the sched.exe process has been using a great deal of memory (it is supposedly an Avira process). I have suspected for quite a while anyway that I have a Trojan on the PC. I am using Win7 Ultimate 64 bit (genuine). Please help. |
26.08.2015, 19:12 | #2 |
/// the machine /// TB-Ausbilder | Win32 files are moving and deleting themselves, virus or possibly Trojan hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
26.08.2015, 19:27 | #3 | |
| Win32 files are moving and deleting themselves, virus or possibly Trojan Quote:
Here: FRST logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015 durchgeführt von Chef (Administrator) auf CHEF-PC (26-08-2015 20:23:30) Gestartet von C:\Users\Chef\Downloads Geladene Profile: Chef & (Verfügbare Profile: Chef) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Sandboxie Holdings, LLC) E:\Programme\SbieSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (VMware, Inc.) E:\Programme\vmware-authd.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Chef\Downloads\FRST64 (1).exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) Startup: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-02-17] () InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcchost.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Diashow8128581258.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchosst.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Diashow12918568128.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost2.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Faceboook.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostt.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/SkypeSpreaderv2.exe ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ 
AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://de.yahoo.com?fr=hp-avast&type=prc265 HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ 
HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://de.yahoo.com?fr=hp-avast&type=prc265 HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://de.yahoo.com?fr=hp-avast&type=prc265 HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation) Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-06-23] () Winsock: Catalog5-x64 07 C:\Windows\system32\PrxerNsp.dll [96840 2015-06-23] () Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{828080A0-9AB4-4F98-B91D-6E891482D9B7}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{8E26C87B-CFDE-403F-95D6-C0A492E17AA0}: [DhcpNameServer] 10.8.0.1 Tcpip\..\Interfaces\{D3B28D28-01AC-4BA8-B889-E295C6433F59}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{F60F2829-EE84-451A-8E86-BCFE201DFB6F}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll [2014-04-29] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-04-29] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files 
(x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Spiele\Arc\Plugins\npArcPluginFF.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: @my.com/Games -> C:\Users\Chef\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-12] (My.com, Inc) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chef\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-15] () FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\Chef\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-12] (My.com, Inc) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: 
@unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chef\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-15] () FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @my.com/Games -> C:\Users\Chef\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-12] (My.com, Inc) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chef\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-15] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: anonymoX - C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default\Extensions\client@anonymox.net.xpi [2015-08-20] FF Extension: Adblock Plus - C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24] Chrome: ======= CHR Profile: C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24] CHR Extension: (Google Docs) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24] CHR Extension: (Google Drive) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24] CHR Extension: (YouTube) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24] CHR Extension: (Google Search) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24] CHR Extension: (Google Sheets) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24] CHR Extension: (AdBlock) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08] CHR Extension: (Gmail) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - 
https://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 SbieSvc; E:\Programme\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 VMAuthdService; E:\Programme\vmware-authd.exe [87744 2015-05-31] (VMware, Inc.) 
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2015-02-13] (Perfect Privacy) [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2011-10-30] (CrystalIdea Software) R2 EnergyDriver; C:\Program Files\Intel\Power Gadget 3.0\EnergyDriver.sys [14224 2014-08-21] () R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-05-27] (<Turtle Entertainment>) S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [19968 2010-12-21] (Danish Wireless Design A/S) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1703; 
C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek) R3 SbieDrv; E:\Programme\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-14] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 pmem; \??\C:\Users\Chef\AppData\Local\Temp\_MEI66242\drivers\winpmem64.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-26 20:23 - 2015-08-26 20:23 - 02186752 _____ (Farbar) C:\Users\Chef\Downloads\FRST64 (1).exe 2015-08-26 20:23 - 2015-08-26 20:23 - 00023386 _____ C:\Users\Chef\Downloads\FRST.txt 2015-08-26 20:23 - 2015-08-26 20:23 - 00000000 ____D C:\FRST 2015-08-26 20:15 - 2015-08-26 20:15 - 02186752 _____ (Farbar) C:\Users\Chef\Downloads\FRST64.exe 2015-08-26 20:05 - 2015-08-26 20:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Chef\Downloads\HijackThis_2.0.5.exe 2015-08-26 20:05 - 2015-08-26 20:05 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Chef\Downloads\HijackThis_2.0.5 (1).exe 2015-08-26 13:17 - 2015-08-26 13:18 - 14132182 _____ C:\Users\Chef\Downloads\TUTS_NEU.RAR 2015-08-26 13:17 - 2015-08-26 13:18 - 05517292 _____ C:\Users\Chef\Downloads\MAKE_162_IN_JUST_13_MINUTES_WITH_0_INVESTMENT_WITH_LINKEDIN.ZIP 2015-08-26 13:17 - 2015-08-26 13:17 - 03775982 _____ C:\Users\Chef\Downloads\1K_PER_DAY_SYSTEM.RAR 2015-08-26 09:49 - 2015-08-26 09:49 - 00061632 _____ C:\Users\Chef\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-26 09:47 - 2015-08-26 10:48 - 00004592 _____ C:\Windows\setupact.log 2015-08-26 09:47 - 2015-08-26 09:47 - 00274200 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-26 09:47 - 2015-08-26 09:47 - 00019468 _____ C:\Windows\PFRO.log 2015-08-26 09:47 - 2015-08-26 09:47 - 00000000 _____ C:\Windows\setuperr.log 2015-08-26 01:40 - 2015-08-26 01:40 - 00000218 _____ C:\Users\Chef\.recently-used.xbel 2015-08-25 18:24 - 2015-08-25 18:24 - 01510500 _____ C:\Users\Chef\Downloads\REST_KEYS.TXT 2015-08-25 17:52 - 2015-08-25 17:52 - 00890400 _____ C:\Users\Chef\Downloads\PAKET_II.TXT 2015-08-25 17:49 - 2015-08-25 17:49 - 00000979 _____ C:\Users\Public\Desktop\Bitcoin Armory.lnk 2015-08-25 17:49 - 2015-08-25 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armory 2015-08-25 17:37 - 2015-08-25 17:37 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core 2015-08-25 17:37 - 2015-08-25 17:37 - 00000000 ____D C:\Program Files\Bitcoin 2015-08-25 17:36 - 2015-08-25 17:37 - 12697152 _____ (Bitcoin Core project) C:\Users\Chef\Downloads\bitcoin-0.11.0-win64-setup.exe 2015-08-25 17:24 - 2015-08-25 17:24 - 03084154 _____ C:\Users\Chef\Downloads\TESTE_KEYS.TXT 2015-08-25 17:06 - 2015-08-25 17:06 - 02294554 _____ C:\Users\Chef\Downloads\KEYS_-_TESTEN.TXT 2015-08-25 16:30 - 2015-08-25 16:33 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Electrum 2015-08-25 16:30 - 2015-08-25 16:30 - 00001007 _____ C:\Users\Chef\Desktop\Electrum.lnk 2015-08-25 16:30 - 
2015-08-25 16:30 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum 2015-08-25 16:30 - 2015-08-25 16:30 - 00000000 ____D C:\Program Files (x86)\Electrum 2015-08-25 16:28 - 2015-08-25 16:29 - 41325031 _____ C:\Users\Chef\Downloads\electrum-2.4.4-setup.exe 2015-08-25 16:21 - 2015-08-25 16:21 - 00027907 _____ C:\Users\Chef\Desktop\armory_bgWbQEoh_decrypt.wallet 2015-08-25 16:11 - 2015-08-25 16:11 - 00033390 _____ C:\Users\Chef\Downloads\KEYS.TXT 2015-08-25 16:01 - 2015-08-25 17:53 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Bitcoin 2015-08-25 16:00 - 2015-08-26 09:47 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Armory 2015-08-25 16:00 - 2015-08-26 09:47 - 00000000 ____D C:\Program Files (x86)\Armory 2015-08-25 15:58 - 2015-08-25 15:59 - 22778005 _____ (Armory Technologies Inc.) C:\Users\Chef\Downloads\armory_0.93.2_winAll.exe 2015-08-25 15:01 - 2015-08-25 15:01 - 00105879 _____ C:\Users\Chef\Downloads\5_ATM_HACKS.ZIP 2015-08-25 02:43 - 2015-08-25 02:43 - 00000513 _____ C:\Users\Chef\Desktop\für crimeandy.txt 2015-08-23 21:22 - 2015-08-23 21:23 - 00000000 ____D C:\ProgramData\FlyVPN 2015-08-23 01:32 - 2015-08-23 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL 2015-08-23 01:32 - 2015-08-23 01:32 - 00000000 ____D C:\OpenSSL-Win64 2015-08-23 01:32 - 2015-07-09 19:21 - 00379392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll 2015-08-23 01:32 - 2015-07-09 19:21 - 00379392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll 2015-08-23 01:32 - 2015-07-09 19:20 - 02077184 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll 2015-08-23 01:29 - 2015-08-23 01:30 - 00001021 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk 2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN 2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D C:\Program Files\OpenVPN 2015-08-23 01:21 - 2015-08-23 01:28 - 00000000 ____D C:\Users\Chef\AppData\Local\SaferVPN 2015-08-23 01:20 - 2015-08-23 01:27 - 00000003 _____ C:\END 2015-08-22 23:59 - 2015-08-23 00:04 - 00000000 ____D C:\Users\Chef\AppData\Roaming\MultiBitHD 2015-08-22 23:58 - 2015-08-22 23:58 - 00001925 _____ C:\Users\Chef\Desktop\MultiBit HD.lnk 2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiBit HD 2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD 2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\Program Files\MultiBit HD 2015-08-22 17:45 - 2015-08-25 01:33 - 00001641 _____ C:\Users\Chef\Desktop\marketing.txt 2015-08-21 14:04 - 2015-08-21 14:04 - 00000000 ____D C:\Users\Chef\Downloads\Gameforge Live 2015-08-21 13:34 - 2015-08-21 13:34 - 00001858 _____ C:\Users\Public\Desktop\PC Inspector File Recovery.lnk 2015-08-21 13:34 - 2015-08-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery 2015-08-21 13:34 - 2015-08-21 13:34 - 00000000 ____D C:\Program Files (x86)\PC Inspector File Recovery 2015-08-21 13:34 - 2002-02-18 18:40 - 00006200 _____ C:\Windows\SysWOW64\INT13EXT.VXD 2015-08-21 13:31 - 2015-08-21 13:31 - 00000000 ____D C:\sss 2015-08-21 13:31 - 2012-03-18 14:49 - 00880640 _____ C:\Users\Chef\Desktop\dechk2.exe 2015-08-20 16:34 - 2015-08-20 16:34 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2015-08-20 16:30 - 2015-08-20 16:35 - 00000000 ____D C:\ProgramData\Comodo 2015-08-20 16:27 - 2015-08-20 16:27 - 00000000 ____D C:\Program Files\HitmanPro 2015-08-20 16:26 - 2015-08-20 16:35 - 00000000 ____D C:\ProgramData\HitmanPro 2015-08-20 16:15 - 2015-08-20 16:17 - 00000000 ____D C:\AdwCleaner 2015-08-20 16:12 - 2015-08-20 16:36 - 00000000 ____D C:\Users\Chef\Downloads\RevoUninstallerPortable 2015-08-20 00:43 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 00:43 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 00:43 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-20 00:43 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-18 13:49 - 2015-08-18 13:49 - 00000000 _____ C:\Users\Chef\Desktop\geschenk an schatz.txt 2015-08-15 19:24 - 2015-08-20 00:16 - 00001512 _____ C:\Users\Chef\Desktop\subcard.txt 2015-08-14 16:09 - 2015-08-14 16:09 - 00000000 ____D C:\Users\Chef\AppData\Local\CEF 2015-08-13 03:09 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 03:09 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 01:49 - 2015-08-13 01:49 - 00000122 _____ C:\Users\Chef\Desktop\Skyforge My.com.url 2015-08-12 12:12 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 12:12 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-12 12:12 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 12:12 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 12:12 - 2015-07-16 22:36 - 
00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 12:12 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 12:12 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 12:12 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 12:12 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 12:12 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 12:12 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 12:12 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 12:12 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 12:12 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 12:12 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 12:12 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 12:12 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 12:12 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 12:12 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 12:12 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 12:12 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 12:12 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 12:12 - 
2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-12 12:12 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 12:12 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-12 12:12 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-12 12:12 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-08-12 12:12 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-08-12 12:12 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-12 12:12 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-12 12:12 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-12 12:12 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-12 12:12 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-12 12:12 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-08-12 12:12 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-08-12 12:12 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 12:12 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 12:12 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 12:12 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 12:12 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 12:12 - 2015-07-16 21:29 - 
00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-12 12:12 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-08-12 12:12 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-12 12:12 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-12 12:12 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-12 12:12 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-12 12:12 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 12:12 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-12 12:12 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-12 12:12 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-12 12:12 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-08-12 12:12 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 12:12 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-12 12:12 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-12 12:12 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-12 12:12 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-08-12 12:08 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 12:08 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 12:08 - 2015-07-28 22:05 - 
00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 12:08 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 12:08 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 12:08 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 12:08 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 12:08 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 12:08 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-12 12:08 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-08-12 12:08 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-12 12:08 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 12:08 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-12 12:08 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 12:08 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 12:08 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 12:08 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 12:08 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 12:08 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 12:08 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-08-12 12:08 - 2015-07-15 20:11 - 00243712 
_____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-08-12 12:08 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-08-12 12:08 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 12:08 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 12:08 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-12 12:08 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 12:08 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-08-12 12:08 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 12:08 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-08-12 12:08 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 12:08 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 12:08 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 
00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 
20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-12 12:08 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-12 12:08 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-12 12:08 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-12 12:08 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-12 12:08 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-12 12:08 - 2015-07-15 19:55 - 00043008 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-12 12:08 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-12 12:08 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-12 12:08 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-12 12:08 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-12 12:08 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-12 12:08 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-12 12:08 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-08-12 12:08 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-12 12:08 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-12 12:08 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-12 12:08 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 12:08 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 12:08 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 12:08 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-12 12:08 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-12 12:08 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 18:34 - 00004608 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-12 12:08 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 12:08 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-12 12:04 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 12:04 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 12:04 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-12 12:04 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-12 12:04 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-08-12 12:04 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-12 12:04 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-08-12 12:04 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-08-12 12:04 - 2015-07-30 18:56 - 
03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 12:04 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 12:04 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 12:04 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 12:04 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 12:04 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 12:04 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-12 12:04 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-12 12:04 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-12 12:04 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-12 12:04 - 2015-07-20 19:56 - 00030208 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-12 12:04 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 12:04 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 12:04 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 12:04 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 12:04 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-12 12:04 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-12 12:04 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-12 12:04 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-08-12 12:04 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 12:04 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-12 12:04 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 12:04 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 12:04 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-12 12:04 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 12:04 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 12:04 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-12 12:04 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-10 18:46 - 2015-08-10 18:46 - 00000000 ____D C:\Users\Chef\AppData\Local\Microsoft Research 2015-08-10 18:45 
- 2015-08-10 18:45 - 00003023 _____ C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk 2015-08-10 18:45 - 2015-08-10 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Research 2015-08-09 23:14 - 2015-08-10 00:15 - 00000089 _____ C:\Users\Chef\Desktop\serien schauen.txt 2015-08-09 12:28 - 2015-08-09 14:42 - 00000000 ____D C:\Windows\Panther 2015-08-08 11:25 - 2015-08-21 20:31 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-08 11:24 - 2015-08-26 19:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-08 11:24 - 2015-08-26 11:29 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-08 11:24 - 2015-08-08 11:24 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-08 11:24 - 2015-08-08 11:24 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-26 20:04 - 2014-11-29 05:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-26 20:01 - 2014-11-15 22:41 - 00000000 ____D C:\Users\Chef\AppData\Roaming\.purple 2015-08-26 19:59 - 2014-11-29 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-26 19:58 - 2014-11-29 01:51 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-26 19:58 - 2014-11-29 01:51 - 00141416 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-08-26 17:35 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-26 17:35 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-26 13:10 - 2015-07-24 10:20 - 01192903 _____ C:\Windows\WindowsUpdate.log 2015-08-26 10:54 - 2013-11-28 21:56 - 00701814 _____ C:\Windows\system32\perfh007.dat 2015-08-26 10:54 - 2013-11-28 21:56 - 00150480 _____ C:\Windows\system32\perfc007.dat 2015-08-26 10:54 - 2009-07-14 07:13 - 01627626 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-26 10:50 - 2015-02-17 10:52 - 00000000 ____D C:\Users\Chef\AppData\Local\Deployment 2015-08-26 10:49 - 2014-06-06 22:22 - 00000000 ____D C:\Users\Chef\AppData\Local\LogMeIn Hamachi 2015-08-26 10:48 - 2014-04-06 18:22 - 00000000 ____D C:\ProgramData\VMware 2015-08-26 10:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-26 01:40 - 2013-11-28 13:05 - 00000000 ____D C:\Users\Chef 2015-08-25 18:24 - 2014-06-12 15:40 - 00000000 ____D C:\Users\Chef\AppData\Local\gtk-2.0 2015-08-25 17:32 - 2014-07-19 21:04 - 00000000 ____D C:\Users\Chef\Desktop\Tranieren gogo! 
2015-08-22 13:29 - 2014-12-14 09:51 - 00000000 ____D C:\Program Files\Recuva 2015-08-22 10:12 - 2014-04-15 05:44 - 00000000 ____D C:\Users\Chef\Desktop\Textdateien 2015-08-22 10:07 - 2014-12-20 09:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-22 10:07 - 2014-12-20 09:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-21 18:41 - 2014-12-20 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-21 13:55 - 2013-11-29 11:34 - 00000000 ____D C:\Users\Chef\AppData\Roaming\vlc 2015-08-21 13:34 - 2013-11-28 13:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-16 03:35 - 2014-12-27 00:25 - 00000000 ____D C:\Users\Chef\AppData\Local\CrashDumps 2015-08-15 22:35 - 2014-05-21 19:46 - 00000000 ____D C:\Windows\Minidump 2015-08-14 16:25 - 2014-04-04 20:38 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-14 13:22 - 2014-10-02 01:30 - 00000000 ____D C:\Users\Chef\Desktop\Tattoos die ich machen lassen will 2015-08-13 14:44 - 2015-07-22 21:23 - 00000000 ____D C:\Windows\rescache 2015-08-13 03:48 - 2015-04-16 00:09 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-13 03:48 - 2014-05-06 18:48 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-13 03:06 - 2013-11-29 16:41 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 03:00 - 2013-11-29 16:41 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-13 02:01 - 2015-05-20 16:53 - 00000000 ____D C:\Users\Chef\AppData\Local\MyComGames 2015-08-09 14:34 - 2015-07-10 19:29 - 00000000 ___HD C:\$Windows.~BT 2015-08-09 12:19 - 2013-12-06 14:49 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-08 16:04 - 2015-05-03 19:18 - 00000000 ____D C:\Users\Chef\AppData\Local\Freenet 2015-08-08 11:25 - 2015-02-18 04:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-08 11:25 - 2013-11-29 09:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-08 11:23 - 2015-04-06 
14:28 - 00000000 ___SD C:\Windows\system32\GWX ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-04-04 21:05 - 2014-04-04 21:05 - 0000624 _____ () C:\Users\Chef\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-04-05 01:56 - 2014-04-15 00:48 - 0000049 _____ () C:\Users\Chef\AppData\Roaming\install.imp 2014-04-05 01:57 - 2014-04-05 01:57 - 0000043 _____ () C:\Users\Chef\AppData\Roaming\raio93.tmp 2014-10-13 17:48 - 2015-07-10 17:32 - 0001456 _____ () C:\Users\Chef\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-04-06 16:15 - 2015-07-19 00:51 - 0017920 _____ () C:\Users\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-25 04:17 - 2014-11-25 04:17 - 0000600 _____ () C:\Users\Chef\AppData\Local\PUTTY.RND 2014-08-10 20:31 - 2014-08-10 20:31 - 0002143 _____ () C:\Users\Chef\AppData\Local\recently-used.xbel 2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Chef\AppData\Local\setup.txt Einige Dateien in TEMP: ==================== C:\Users\Chef\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
nointegritychecks: ==> "IntegrityChecks" ist deaktiviert. <===== ACHTUNG

LastRegBack: 2015-08-22 15:34

==================== Ende von FRST.txt ============================

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-08-2015 durchgeführt von Chef (2015-08-26 20:24:08) Gestartet von C:\Users\Chef\Downloads Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1794054482-4240154565-431294608-500 - Administrator - Disabled) Chef (S-1-5-21-1794054482-4240154565-431294608-1000 - Administrator - Enabled) => C:\Users\Chef Gast (S-1-5-21-1794054482-4240154565-431294608-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1794054482-4240154565-431294608-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitcoin Armory (HKLM-x32\...\Bitcoin Armory) (Version: 0.93.2.0 - Armory Technologies Inc.) Bitcoin Core (64-bit) (HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project) Bitcoin Core (64-bit) (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project) Bitcoin Core (64-bit) (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project) BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CrystalDiskInfo 6.0.3 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.3 - Crystal Dew World) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FolderVisualizer (HKLM-x32\...\FolderVisualizer_is1) (Version: 7.1 - Abelssoft) Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) 
(Version: 44.0.2403.157 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1403.19) (Version: 3.6.1403.19 - Solveig Multimedia) Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Intel) Intel® Power Gadget 3.0 (HKLM\...\{ABCB69F0-F2E1-4CE5-8E4E-B499113405AC}) (Version: 3.01.5 - Intel) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.) Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) 
Hidden Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) MultiBit HD 0.1.2 (HKLM\...\6925-4794-5772-4956) (Version: 0.1.2 - Bitcoin Solutions Ltd) My.com Games (HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\MyComGames) (Version: 3.123 - My.com B.V.) My.com Games (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyComGames) (Version: 3.123 - My.com B.V.) My.com Games (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MyComGames) (Version: 3.123 - My.com B.V.) 
Nightly 38.0a1 (x64 en-US) (HKLM\...\Nightly 38.0a1 (x64 en-US)) (Version: 38.0a1 - Mozilla) NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenSSL 1.0.2d Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version: - OpenSSL Win64 Installer Team) OpenVPN 2.3.8-I001 (HKLM\...\OpenVPN) (Version: 2.3.8-I001 - ) PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - ) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - ) Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC) Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH) skyforge_mycom (HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\skyforge_mycom) (Version: 1.30 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\skyforge_mycom) (Version: 1.30 - My.com B.V.) skyforge_mycom (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\skyforge_mycom) (Version: 1.30 - My.com B.V.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SSD Tweaker version 3.4.2 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.4.2 - Elpamsoft.com) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) TeamSpeak 3 Client (HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4 - CrystalIDEA Software, Inc.) Unity Web Player (HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.2 - VMware, Inc) VMware Player (Version: 7.1.2 - VMware, Inc.) 
Hidden VPN Manager 1.6.71.0 (HKLM-x32\...\VPN Manager) (Version: 1.6.71.0 - Perfect-Privacy) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1794054482-4240154565-431294608-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1794054482-4240154565-431294608-1000_Classes\CLSID\{97d5bef9-644a-4163-a796-18bf29686beb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 13-08-2015 03:00:14 Windows Update 16-08-2015 12:28:34 Windows Update 16-08-2015 19:00:11 Windows-Sicherung 19-08-2015 12:59:47 Windows Update 20-08-2015 00:43:43 Windows Update 20-08-2015 16:13:16 Revo Uninstaller's restore point - Arc 20-08-2015 16:14:27 Revo Uninstaller's restore point - Apple Application Support 20-08-2015 16:15:39 Revo Uninstaller's restore point - Fraps (remove only) 20-08-2015 16:34:16 Prüfpunkt von HitmanPro 20-08-2015 16:34:42 Prüfpunkt von HitmanPro 21-08-2015 13:34:33 Installiert PC Inspector File Recovery 21-08-2015 15:28:46 Revo Uninstaller's restore point - Nostale(DE) 21-08-2015 15:29:59 Revo Uninstaller's restore point - Gameforge Live 2.0.8 23-08-2015 01:26:11 Revo Uninstaller's restore point - SaferVPN 2.6.1 23-08-2015 11:56:49 Windows Update 23-08-2015 19:43:13 Gerätetreiber-Paketinstallation: TAP-Win32 Provider V9 Netzwerkadapter 23-08-2015 20:53:31 Revo Uninstaller's restore point - 3monkey 23-08-2015 21:21:35 Revo 
Uninstaller's restore point - ZenVPN 25-08-2015 16:29:10 Revo Uninstaller's restore point - Bitcoin Armory 25-08-2015 16:30:21 Revo Uninstaller's restore point - Bitcoin Armory ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2014-12-02 02:38 - 2014-12-23 04:02 - 00000157 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.vscan.n0.1 188.165.234.50 127.0.0.1 38.101.213.249 127.0.0.1 jotti.org 127.0.0.1 www.jotti.org ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {09B7A4FA-571A-4E1E-BD9F-D53224FE967A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.) Task: {1A2953E4-A680-4855-9F86-31B2D4456BFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {1F526CA0-DF64-4AF2-B859-B71C0AD9E1C2} - System32\Tasks\Pointstone\System Cleaner\Daily Notice => C:\Program Files (x86)\Pointstone\System Cleaner 7\Helper.exe Task: {315EB81A-F6F1-40BE-807C-9A3EB8E63607} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.) 
Task: {71DB146A-84D6-4B1A-B56B-41F3FDEB4325} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {795ADA0C-A5CE-44A1-B55A-84346DD546B5} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {CB636306-BBB7-48CA-9D7B-F3961EA41189} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {FFFAB688-5F5D-4F59-99C0-EA4154304FEA} - System32\Tasks\Pointstone\System Cleaner\Log On Notice => C:\Program Files (x86)\Pointstone\System Cleaner 7\Helper.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-23 18:48 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-04-04 21:05 - 2014-04-04 21:05 - 00012520 _____ () C:\Users\Chef\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll 2014-04-04 21:05 - 2014-04-04 21:05 - 00015080 _____ () C:\Users\Chef\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll 2014-04-04 21:05 - 2014-04-04 21:05 - 00014056 _____ () C:\Users\Chef\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll 2014-11-22 02:03 - 2014-11-22 02:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-05-31 07:59 - 2015-05-31 
07:59 - 01301696 _____ () E:\Programme\libxml2.dll 2015-08-21 20:31 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll 2015-08-21 20:31 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021075 _____ () C:\Program Files (x86)\Pidgin\plugins\.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00014147 _____ () C:\Program Files 
(x86)\Pidgin\plugins\gtkbuddynote.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00311021 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00092398 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00328186 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00107365 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00374169 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00150598 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00106671 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00116071 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00171123 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 02097721 _____ () 
C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00055880 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00417758 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00236666 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00047934 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll 2012-09-09 15:17 - 2014-10-21 11:07 - 00750080 _____ () C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00069625 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll 2014-11-23 19:34 - 2014-11-23 
19:34 - 00031993 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00486400 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll 2015-07-05 23:26 - 2015-07-05 23:26 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) 
=========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1794054482-4240154565-431294608-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows.lnk => C:\Windows\pss\Windows.lnk.Startup
MSCONFIG\startupreg: 20140526 => C:\Program Files\AVAST Software\Avast\setup\emupdate\61bb73a8-8ce9-435f-9aba-119ec3af211b.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: ESL Wire =>
MSCONFIG\startupreg: IDVCMqTtsz => C:\Users\Chef\AppData\Roaming\YiuOajmLWi\CktSXTLOCq.exe.lnk
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: MyComGames => "C:\Users\Chef\AppData\Local\MyComGames\MyComGames.exe" -autostart
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SandboxieControl => "E:\Programme\SbieCtrl.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Svchost => C:\Users\Chef\AppData\Roaming\Svchost\Svchost.exe
MSCONFIG\startupreg: tOu27U => C:\Users\Chef\rAn71N\Svchost.exe
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"
MSCONFIG\startupreg: winupdater => C:\Windows\system32\Windupdt\winupdate.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{50A4F142-2B1C-4772-A461-BE901370A249}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4306BCAD-03D1-47E1-87D0-9075E937E032}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{BB3E011D-2EBF-4FAD-9B2C-6950D083AFC4}E:\programme\bin\javaw.exe] => (Allow) E:\programme\bin\javaw.exe
FirewallRules: [UDP Query User{50482989-9801-4479-8DAB-F1FDDDE6A40F}E:\programme\bin\javaw.exe] => (Allow) E:\programme\bin\javaw.exe
FirewallRules: [TCP Query User{B0D1D2F0-C4BB-4275-8D9F-92C264E999B1}E:\programme\bin\javaw.exe] => (Block) E:\programme\bin\javaw.exe
FirewallRules: [UDP Query User{DF7FD6A0-1B42-4221-8B6A-B1EC4A7F4F44}E:\programme\bin\javaw.exe] => (Block) E:\programme\bin\javaw.exe
FirewallRules: [{8F4B87C1-7377-4D11-809D-A4F7AF4D3180}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ABA8BCA9-8CC4-4CC7-8493-9BBC088B7B19}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{23DEC1B0-C0AB-4836-AFE9-A57A9D0FC1CA}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{97DDBA30-E351-498D-A68A-86E2BA0D9B41}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{EC059104-D072-497C-A534-287EEE752F26}] => (Block) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{B64E5274-A4A3-4C11-B15A-DCF467B570F4}] => (Block) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{AD0C2834-55B7-4504-9A9B-01CFF2CBA15C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{852AE057-91F9-4403-AC54-A6C29F437AE9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3D420990-659C-42A0-BD42-260D004BB053}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B961684A-C6E0-4E91-9249-5683032C00AC}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{E889CF15-63A6-48D6-A4B4-51E67A2689A4}] => (Allow) LPort=56504
FirewallRules: [{13354C13-D150-48F7-93FB-8765F01877FD}] => (Allow) LPort=56504
FirewallRules: [{6DAD0D07-2309-4C9B-9135-0498D27F4B65}] => (Allow) LPort=56504
FirewallRules: [{813AD3C0-5272-4FEF-87F1-AFFCADE9C207}] => (Allow) LPort=56504
FirewallRules: [{3C6FB794-440C-4CD5-AF52-BECA7B903891}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{A4544990-4DA4-465C-871C-5EEE82374DB0}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{2710473B-8CB2-4D18-A889-1FD1D4533C78}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [{0E07DB66-ABB1-43CA-B476-964575368342}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{79F70287-2524-4293-80BA-863DF70E7495}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{7D3721EB-9740-4924-AE6F-B09F32A11906}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{3EDE6D30-316B-48D0-9B9F-AA23904586BF}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [{D27FDE1D-969E-4EEA-8A67-F10D5D785BB6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9BA4301C-7F81-4B83-B57B-B0487DA05B92}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{5ABC8200-2CC6-44D4-9329-9E1B1DF8A5A6}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{7F3B7113-7D9D-4468-B208-DE47A53BFF35}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [TCP Query User{C94059CB-1FC1-4701-8BEC-163949030004}C:\users\chef\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\chef\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{3800A439-00CE-4B0E-8C7F-E120B28ED246}C:\users\chef\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\chef\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{CA69B36B-874D-4AD3-86E6-C53DFFB8A8B1}] => (Allow) E:\Programme\vmware-authd.exe
FirewallRules: [{000D6075-B40F-4FF4-A45A-D0850F884395}] => (Allow) E:\Programme\vmware-authd.exe
FirewallRules: [{0F6F5C0B-F395-437F-9FD2-7C0BBE5860C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BCA6CFC-1407-4325-A654-0891772BB440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0363F27-47BA-40B2-97EB-C80523DA7105}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Atheros AR928X Wireless Network Adapter
Description: Atheros AR928X Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/26/2015 10:50:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 09:49:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:10:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm electrum.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f10
Startzeit: 01d0df42f20a4ee5
Endzeit: 13
Anwendungspfad: C:\PROGRA~2\Electrum\electrum.exe
Berichts-ID: 77ee89c0-4b3b-11e5-a5bc-005056c00008

Error: (08/25/2015 12:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2015 11:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 08:45:00 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={506D030A-8422-4501-83AC-64D72640D6C6}: Der Benutzer "Chef-PC\Chef" hat eine Verbindung mit dem Namen "VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (08/23/2015 08:42:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={78176B8C-30C2-4FA9-9D4E-6DD32254FE58}: Der Benutzer "Chef-PC\Chef" hat eine Verbindung mit dem Namen "VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (08/23/2015 11:44:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 01:36:49 AM) (Source: OpenVPNService) (EventID: 0) (User: )
Description: OpenVPNService error: 0StartServiceCtrlDispatcher failed.

Error: (08/23/2015 01:35:05 AM) (Source: OpenVPNService) (EventID: 0) (User: )
Description: OpenVPNService error: 0StartServiceCtrlDispatcher failed.

Systemfehler:
=============
Error: (08/26/2015 10:48:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (08/26/2015 10:48:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.08.2015 um 10:17:51 unerwartet heruntergefahren.

Error: (08/26/2015 10:03:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/26/2015 09:47:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (08/25/2015 12:51:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/25/2015 12:36:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (08/24/2015 11:54:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/24/2015 11:39:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (08/23/2015 11:57:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/23/2015 11:42:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office:
=========================
Error: (08/26/2015 10:50:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 09:49:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:10:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: electrum.exe0.0.0.0f1001d0df42f20a4ee513C:\PROGRA~2\Electrum\electrum.exe77ee89c0-4b3b-11e5-a5bc-005056c00008

Error: (08/25/2015 12:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2015 11:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 08:45:00 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {506D030A-8422-4501-83AC-64D72640D6C6}Chef-PC\ChefVPN0

Error: (08/23/2015 08:42:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {78176B8C-30C2-4FA9-9D4E-6DD32254FE58}Chef-PC\ChefVPN0

Error: (08/23/2015 11:44:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 01:36:49 AM) (Source: OpenVPNService) (EventID: 0) (User: )
Description: OpenVPNService error: 0StartServiceCtrlDispatcher failed.

Error: (08/23/2015 01:35:05 AM) (Source: OpenVPNService) (EventID: 0) (User: )
Description: OpenVPNService error: 0StartServiceCtrlDispatcher failed.

CodeIntegrity:
===================================
Date: 2015-06-18 17:03:42.345
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\qyl9h6e7wn" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-18 17:03:42.315
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\qyl9h6e7wn" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 11:10:18.256
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 11:10:18.228
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 10:54:21.645
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 10:54:21.616
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 10:54:09.026
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-08 10:54:08.998
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\nzsaigm2dc" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-08 02:39:16.152
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-08 02:39:16.103
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Chef\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8151.12 MB
Verfügbarer physikalischer RAM: 5862.4 MB
Summe virtueller Speicher: 16300.44 MB
Verfügbarer virtueller Speicher: 13009.19 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:117.28 GB) (Free:11.04 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:415.58 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: 542385B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 00042270)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
Edited by RockThatBody (26.08.2015 at 19:36) |
27.08.2015, 15:12 | #4 |
/// the machine /// TB trainer | Win32 files are moving and deleting themselves, virus or possibly trojan
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to your desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.08.2015, 19:33 | #5 |
| Win32 files are moving and deleting themselves, virus or possibly trojan
Somehow neither of them found anything. Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
main: v2015.08.27.04
rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17959
Chef :: CHEF-PC [administrator]

27.08.2015 20:16:41
mbar-log-2015-08-27 (20-16-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 394566
Time elapsed: 12 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter
20:31:17.0533 0x1554 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:31:20.0713 0x1554 ============================================================
20:31:20.0713 0x1554 Current date / time: 2015/08/27 20:31:20.0713
20:31:20.0713 0x1554 SystemInfo:
20:31:20.0713 0x1554
20:31:20.0713 0x1554 OS Version: 6.1.7601 ServicePack: 1.0
20:31:20.0713 0x1554 Product type: Workstation
20:31:20.0713 0x1554 ComputerName: CHEF-PC
20:31:20.0713 0x1554 UserName: Chef
20:31:20.0713 0x1554 Windows directory: C:\Windows
20:31:20.0713 0x1554 System windows directory: C:\Windows
20:31:20.0713 0x1554 Running under WOW64
20:31:20.0713 0x1554 Processor architecture: Intel x64
20:31:20.0713 0x1554 Number of processors: 4
20:31:20.0713 0x1554 Page size: 0x1000
20:31:20.0713 0x1554 Boot type: Normal boot
20:31:20.0713 0x1554 ============================================================
20:31:22.0894 0x1554 KLMD registered as C:\Windows\system32\drivers\20694363.sys
20:31:23.0707 0x1554 System UUID: {90239AE4-F7FD-2363-EC99-CF32E682BCCB}
20:31:25.0108 0x1554 Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:25.0139 0x1554 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:25.0139 0x1554 ============================================================
20:31:25.0139 0x1554 \Device\Harddisk0\DR0:
20:31:25.0139 0x1554 MBR partitions:
20:31:25.0139 0x1554 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:31:25.0139 0x1554 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEA8F000
20:31:25.0139 0x1554 \Device\Harddisk1\DR1:
20:31:25.0139 0x1554 MBR partitions:
20:31:25.0139 0x1554 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
20:31:25.0139 0x1554 ============================================================
20:31:25.0155 0x1554 C: <-> \Device\Harddisk0\DR0\Partition2
20:31:25.0155 0x1554 E: <-> \Device\Harddisk1\DR1\Partition1
20:31:25.0170 0x1554 ============================================================
20:31:25.0170 0x1554 Initialize success
20:31:25.0170 0x1554 ============================================================
20:31:27.0930 0x14c4 ============================================================
20:31:27.0930 0x14c4 Scan started
20:31:27.0930 0x14c4 Mode: Manual;
20:31:27.0930 0x14c4 ============================================================
20:31:27.0930 0x14c4 KSN ping started
20:31:30.0687 0x14c4 KSN ping finished: true
20:31:31.0125 0x14c4 ================ Scan system memory ========================
20:31:31.0125 0x14c4 System memory - ok
20:31:31.0125 0x14c4 ================ Scan services =============================
20:31:31.0188 0x14c4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:31:31.0204 0x14c4 1394ohci - ok
20:31:31.0219 0x14c4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:31:31.0235 0x14c4 ACPI - ok
20:31:31.0235 0x14c4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:31:31.0235 0x14c4 AcpiPmi - ok
20:31:31.0250 0x14c4 [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:31:31.0250 0x14c4 AdobeARMservice - ok
20:31:31.0266 0x14c4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:31:31.0282 0x14c4 adp94xx - ok
20:31:32.0907 0x14c4 cdfs - ok 20:31:32.0922 0x14c4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:31:32.0922 0x14c4 cdrom - ok 20:31:32.0922 0x14c4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:31:32.0938 0x14c4 CertPropSvc - ok 20:31:32.0938 0x14c4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 20:31:32.0938 0x14c4 circlass - ok 20:31:32.0938 0x14c4 [ 887A9970E711232E2C93F0FD343A1C9D, CDA78ACE3316118DD5800AA907F9EC5F7568A7435BAFE326119C07CE55F5963D ] CisUtMonitor C:\Windows\system32\DRIVERS\CisUtMonitor.sys 20:31:32.0938 0x14c4 CisUtMonitor - ok 20:31:32.0954 0x14c4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 20:31:32.0969 0x14c4 CLFS - ok 20:31:32.0985 0x14c4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:31:32.0985 0x14c4 clr_optimization_v2.0.50727_32 - ok 20:31:32.0985 0x14c4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:31:32.0985 0x14c4 clr_optimization_v2.0.50727_64 - ok 20:31:33.0016 0x14c4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:31:33.0016 0x14c4 clr_optimization_v4.0.30319_32 - ok 20:31:33.0016 0x14c4 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] 
clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:31:33.0032 0x14c4 clr_optimization_v4.0.30319_64 - ok 20:31:33.0047 0x14c4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:31:33.0047 0x14c4 CmBatt - ok 20:31:33.0047 0x14c4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:31:33.0047 0x14c4 cmdide - ok 20:31:33.0063 0x14c4 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 20:31:33.0079 0x14c4 CNG - ok 20:31:33.0079 0x14c4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:31:33.0079 0x14c4 Compbatt - ok 20:31:33.0079 0x14c4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:31:33.0094 0x14c4 CompositeBus - ok 20:31:33.0094 0x14c4 COMSysApp - ok 20:31:33.0094 0x14c4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:31:33.0094 0x14c4 crcdisk - ok 20:31:33.0110 0x14c4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:31:33.0110 0x14c4 CryptSvc - ok 20:31:33.0125 0x14c4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 20:31:33.0141 0x14c4 CSC - ok 20:31:33.0157 0x14c4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 20:31:33.0172 
0x14c4 CscService - ok 20:31:33.0204 0x14c4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:31:33.0204 0x14c4 DcomLaunch - ok 20:31:33.0219 0x14c4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:31:33.0235 0x14c4 defragsvc - ok 20:31:33.0235 0x14c4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:31:33.0235 0x14c4 DfsC - ok 20:31:33.0250 0x14c4 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 20:31:33.0250 0x14c4 dg_ssudbus - ok 20:31:33.0266 0x14c4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:31:33.0266 0x14c4 Dhcp - ok 20:31:33.0297 0x14c4 [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 20:31:33.0329 0x14c4 DiagTrack - ok 20:31:33.0344 0x14c4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:31:33.0344 0x14c4 discache - ok 20:31:33.0344 0x14c4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 20:31:33.0344 0x14c4 Disk - ok 20:31:33.0360 0x14c4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 20:31:33.0360 0x14c4 dmvsc - ok 20:31:33.0360 0x14c4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache 
C:\Windows\System32\dnsrslvr.dll 20:31:33.0375 0x14c4 Dnscache - ok 20:31:33.0375 0x14c4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:31:33.0391 0x14c4 dot3svc - ok 20:31:33.0391 0x14c4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:31:33.0391 0x14c4 DPS - ok 20:31:33.0407 0x14c4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:31:33.0407 0x14c4 drmkaud - ok 20:31:33.0422 0x14c4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:31:33.0454 0x14c4 DXGKrnl - ok 20:31:33.0469 0x14c4 [ 0441D427C0625C326EBFE26A9C95D76C, DB0C3AD884013713B652152ACB3F3A59480031F42ADCB9C3878A997BA64DFA2C ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys 20:31:33.0469 0x14c4 e1kexpress - ok 20:31:33.0469 0x14c4 EagleX64 - ok 20:31:33.0485 0x14c4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:31:33.0485 0x14c4 EapHost - ok 20:31:33.0563 0x14c4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:31:33.0641 0x14c4 ebdrv - ok 20:31:33.0657 0x14c4 [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS C:\Windows\System32\lsass.exe 20:31:33.0657 0x14c4 EFS - ok 20:31:33.0672 0x14c4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:31:33.0688 0x14c4 ehRecvr - ok 20:31:33.0704 0x14c4 [ 4705E8EF9934482C5BB488CE28AFC681, 
359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:31:33.0704 0x14c4 ehSched - ok 20:31:33.0719 0x14c4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:31:33.0735 0x14c4 elxstor - ok 20:31:33.0735 0x14c4 [ 4140BE2DE034EA034FCFA50991D6D9B2, 15C8E7561941328D0CF6D2FA433D080051D13CFB14C3EED91F0CA82077F1B2E4 ] EnergyDriver C:\Program Files\Intel\Power Gadget 3.0\EnergyDriver.sys 20:31:33.0735 0x14c4 EnergyDriver - ok 20:31:33.0750 0x14c4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:31:33.0750 0x14c4 ErrDev - ok 20:31:33.0750 0x14c4 [ 0E80CECD02BC54CE10361F921FD08337, 3A62D10A9D3D6511B75B67BFA58D27070454EF7A770CFB3729DE5D6CA2C07228 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys 20:31:33.0766 0x14c4 ESLWireAC - ok 20:31:33.0766 0x14c4 EslWireHelper - ok 20:31:33.0782 0x14c4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:31:33.0797 0x14c4 EventSystem - ok 20:31:33.0797 0x14c4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:31:33.0797 0x14c4 exfat - ok 20:31:33.0813 0x14c4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:31:33.0813 0x14c4 fastfat - ok 20:31:33.0829 0x14c4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:31:33.0860 0x14c4 Fax - ok 20:31:33.0860 0x14c4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 
20:31:33.0860 0x14c4 fdc - ok 20:31:33.0860 0x14c4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:31:33.0860 0x14c4 fdPHost - ok 20:31:33.0860 0x14c4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:31:33.0875 0x14c4 FDResPub - ok 20:31:33.0875 0x14c4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:31:33.0875 0x14c4 FileInfo - ok 20:31:33.0875 0x14c4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:31:33.0875 0x14c4 Filetrace - ok 20:31:33.0891 0x14c4 [ 9BE8AAEA071CB5666A1FE297E5588E71, 18F2A92472A43E1F8BD55B9534C5C28C490ACA75C29A64239161B3A0C0422A8F ] FlashUSB C:\Windows\system32\DRIVERS\FlashUSB_x64.sys 20:31:33.0891 0x14c4 FlashUSB - ok 20:31:33.0891 0x14c4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:31:33.0891 0x14c4 flpydisk - ok 20:31:33.0907 0x14c4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:31:33.0907 0x14c4 FltMgr - ok 20:31:33.0938 0x14c4 [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll 20:31:33.0969 0x14c4 FontCache - ok 20:31:33.0969 0x14c4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:31:33.0969 0x14c4 FontCache3.0.0.0 - ok 20:31:33.0985 0x14c4 [ D43703496149971890703B4B1B723EAC, 
F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:31:33.0985 0x14c4 FsDepends - ok 20:31:33.0985 0x14c4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:31:33.0985 0x14c4 Fs_Rec - ok 20:31:34.0000 0x14c4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:31:34.0000 0x14c4 fvevol - ok 20:31:34.0000 0x14c4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:31:34.0016 0x14c4 gagp30kx - ok 20:31:34.0032 0x14c4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:31:34.0047 0x14c4 gpsvc - ok 20:31:34.0063 0x14c4 [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C07D2233ED746B19 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:31:34.0063 0x14c4 gupdate - ok 20:31:34.0063 0x14c4 [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C07D2233ED746B19 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:31:34.0079 0x14c4 gupdatem - ok 20:31:34.0079 0x14c4 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 20:31:34.0079 0x14c4 hamachi - ok 20:31:34.0141 0x14c4 [ 1AF89F124E46EECF2C13CBA0F45B3512, 86FF5B5B9F3F07972CB3ACAFCDD38DB465B184FD1B72CA0964736DBBC0402719 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 20:31:34.0188 0x14c4 Hamachi2Svc - ok 20:31:34.0204 0x14c4 [ 3F95931AEEA6DEF9FC02C565D2EFC145, A77CE97B0143A035D7C2655C2BF31008D4D555EF63CCF188EC58D5611782E635 ] hcmon 
C:\Windows\system32\drivers\hcmon.sys 20:31:34.0204 0x14c4 hcmon - ok 20:31:34.0204 0x14c4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:31:34.0204 0x14c4 hcw85cir - ok 20:31:34.0219 0x14c4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:31:34.0235 0x14c4 HdAudAddService - ok 20:31:34.0235 0x14c4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:31:34.0235 0x14c4 HDAudBus - ok 20:31:34.0235 0x14c4 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:31:34.0250 0x14c4 HECIx64 - ok 20:31:34.0250 0x14c4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:31:34.0250 0x14c4 HidBatt - ok 20:31:34.0250 0x14c4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:31:34.0250 0x14c4 HidBth - ok 20:31:34.0266 0x14c4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 20:31:34.0266 0x14c4 HidIr - ok 20:31:34.0266 0x14c4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 20:31:34.0266 0x14c4 hidserv - ok 20:31:34.0266 0x14c4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:31:34.0282 0x14c4 HidUsb - ok 20:31:34.0282 0x14c4 [ 387E72E739E15E3D37907A86D9FF98E2, 
9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:31:34.0282 0x14c4 hkmsvc - ok 20:31:34.0297 0x14c4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:31:34.0297 0x14c4 HomeGroupListener - ok 20:31:34.0313 0x14c4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:31:34.0313 0x14c4 HomeGroupProvider - ok 20:31:34.0313 0x14c4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:31:34.0329 0x14c4 HpSAMD - ok 20:31:34.0344 0x14c4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:31:34.0360 0x14c4 HTTP - ok 20:31:34.0360 0x14c4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:31:34.0360 0x14c4 hwpolicy - ok 20:31:34.0375 0x14c4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:31:34.0375 0x14c4 i8042prt - ok 20:31:34.0391 0x14c4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:31:34.0407 0x14c4 iaStorV - ok 20:31:34.0422 0x14c4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:31:34.0438 0x14c4 idsvc - ok 20:31:34.0454 0x14c4 IEEtwCollectorService - ok 20:31:34.0454 0x14c4 [ 5C18831C61933628F5BB0EA2675B9D21, 
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:31:34.0454 0x14c4 iirsp - ok 20:31:34.0485 0x14c4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 20:31:34.0500 0x14c4 IKEEXT - ok 20:31:34.0500 0x14c4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:31:34.0500 0x14c4 intelide - ok 20:31:34.0516 0x14c4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:31:34.0516 0x14c4 intelppm - ok 20:31:34.0516 0x14c4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:31:34.0516 0x14c4 IPBusEnum - ok 20:31:34.0532 0x14c4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:31:34.0532 0x14c4 IpFilterDriver - ok 20:31:34.0547 0x14c4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:31:34.0563 0x14c4 iphlpsvc - ok 20:31:34.0563 0x14c4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:31:34.0563 0x14c4 IPMIDRV - ok 20:31:34.0579 0x14c4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:31:34.0579 0x14c4 IPNAT - ok 20:31:34.0579 0x14c4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:31:34.0579 0x14c4 IRENUM - ok 
20:31:34.0579 0x14c4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:31:34.0594 0x14c4 isapnp - ok 20:31:34.0594 0x14c4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:31:34.0610 0x14c4 iScsiPrt - ok 20:31:34.0610 0x14c4 [ 86CFEF6DC6DE51AAB0C10384FE98F48F, 2E41D017B6166A0CCD2DB067AA1D677CF9E32470763B0F251EE0574FB2009D6F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:31:34.0610 0x14c4 JRAID - ok 20:31:34.0625 0x14c4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:31:34.0625 0x14c4 kbdclass - ok 20:31:34.0625 0x14c4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:31:34.0625 0x14c4 kbdhid - ok 20:31:34.0625 0x14c4 [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso C:\Windows\system32\lsass.exe 20:31:34.0625 0x14c4 KeyIso - ok 20:31:34.0641 0x14c4 [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:31:34.0641 0x14c4 KSecDD - ok 20:31:34.0657 0x14c4 [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:31:34.0657 0x14c4 KSecPkg - ok 20:31:34.0657 0x14c4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:31:34.0657 0x14c4 ksthunk - ok 20:31:34.0672 0x14c4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 
20:31:34.0688 0x14c4 KtmRm - ok 20:31:34.0688 0x14c4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:31:34.0704 0x14c4 LanmanServer - ok 20:31:34.0704 0x14c4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:31:34.0704 0x14c4 LanmanWorkstation - ok 20:31:34.0719 0x14c4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:31:34.0719 0x14c4 lltdio - ok 20:31:34.0735 0x14c4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:31:34.0735 0x14c4 lltdsvc - ok 20:31:34.0735 0x14c4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:31:34.0735 0x14c4 lmhosts - ok 20:31:34.0750 0x14c4 [ DECDC94EE980974EDFE4663B28A127C1, 9546F6B6F049EAD3D503A18CA106A1716AFE46CA40769D3DB128A3C152E02D30 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe 20:31:34.0766 0x14c4 LMIGuardianSvc - ok 20:31:34.0766 0x14c4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:31:34.0766 0x14c4 LSI_FC - ok 20:31:34.0782 0x14c4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:31:34.0782 0x14c4 LSI_SAS - ok 20:31:34.0782 0x14c4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:31:34.0782 0x14c4 LSI_SAS2 - ok 20:31:34.0797 0x14c4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 
4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:31:34.0797 0x14c4 LSI_SCSI - ok 20:31:34.0797 0x14c4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:31:34.0813 0x14c4 luafv - ok 20:31:34.0813 0x14c4 [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:31:34.0813 0x14c4 MBAMProtector - ok 20:31:34.0860 0x14c4 [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 20:31:34.0891 0x14c4 MBAMScheduler - ok 20:31:34.0922 0x14c4 [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 20:31:34.0954 0x14c4 MBAMService - ok 20:31:34.0954 0x14c4 [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 20:31:34.0954 0x14c4 MBAMSwissArmy - ok 20:31:34.0969 0x14c4 [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 20:31:34.0969 0x14c4 MBAMWebAccessControl - ok 20:31:34.0969 0x14c4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:31:34.0969 0x14c4 Mcx2Svc - ok 20:31:34.0985 0x14c4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 20:31:34.0985 0x14c4 megasas - ok 20:31:34.0985 0x14c4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 
85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:31:35.0000 0x14c4 MegaSR - ok 20:31:35.0000 0x14c4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:31:35.0000 0x14c4 MMCSS - ok 20:31:35.0016 0x14c4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:31:35.0016 0x14c4 Modem - ok 20:31:35.0016 0x14c4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:31:35.0016 0x14c4 monitor - ok 20:31:35.0016 0x14c4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:31:35.0016 0x14c4 mouclass - ok 20:31:35.0032 0x14c4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:31:35.0032 0x14c4 mouhid - ok 20:31:35.0032 0x14c4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:31:35.0032 0x14c4 mountmgr - ok 20:31:35.0047 0x14c4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 20:31:35.0047 0x14c4 mpio - ok 20:31:35.0047 0x14c4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:31:35.0047 0x14c4 mpsdrv - ok 20:31:35.0079 0x14c4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:31:35.0094 0x14c4 MpsSvc - ok 20:31:35.0110 0x14c4 [ 
C:\Windows\system32\drivers\usbuhci.sys 20:31:38.0134 0x14c4 usbuhci - ok 20:31:38.0150 0x14c4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:31:38.0150 0x14c4 usbvideo - ok 20:31:38.0150 0x14c4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 20:31:38.0150 0x14c4 UxSms - ok 20:31:38.0166 0x14c4 [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc C:\Windows\system32\lsass.exe 20:31:38.0166 0x14c4 VaultSvc - ok 20:31:38.0166 0x14c4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:31:38.0166 0x14c4 vdrvroot - ok 20:31:38.0181 0x14c4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 20:31:38.0197 0x14c4 vds - ok 20:31:38.0197 0x14c4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:31:38.0197 0x14c4 vga - ok 20:31:38.0212 0x14c4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:31:38.0212 0x14c4 VgaSave - ok 20:31:38.0212 0x14c4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:31:38.0228 0x14c4 vhdmp - ok 20:31:38.0228 0x14c4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 20:31:38.0228 0x14c4 viaide - ok 20:31:38.0228 0x14c4 [ 225E1E03B2AABE2D493FCDB459303701, 6123280A48E973AC9696954879CF5F791E6D52CBE0BD07F291437D1A82413891 ] 
VMAuthdService E:\Programme\vmware-authd.exe 20:31:38.0228 0x14c4 VMAuthdService - ok 20:31:38.0244 0x14c4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 20:31:38.0244 0x14c4 vmbus - ok 20:31:38.0259 0x14c4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:31:38.0259 0x14c4 VMBusHID - ok 20:31:38.0259 0x14c4 [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci C:\Windows\system32\DRIVERS\vmci.sys 20:31:38.0259 0x14c4 vmci - ok 20:31:38.0259 0x14c4 [ B6DE5224D881BF17ADDE4C88AE553423, AC9C113080313855BC93E99BEFAC4B942E93D8E4CF024607F596CA9D7F8F8A14 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys 20:31:38.0275 0x14c4 vmkbd - ok 20:31:38.0275 0x14c4 [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys 20:31:38.0275 0x14c4 VMnetAdapter - ok 20:31:38.0275 0x14c4 [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 20:31:38.0275 0x14c4 VMnetBridge - ok 20:31:38.0291 0x14c4 [ 98E73D79FCD3D48E31EE999B5DF1B0ED, FBDC884BD9376C7E8727BACCF6482207166634F4B2644C8C794295094B29426E ] VMnetDHCP C:\Windows\SysWOW64\vmnetdhcp.exe 20:31:38.0306 0x14c4 VMnetDHCP - ok 20:31:38.0306 0x14c4 [ B564A598B9B31E9358B2D6C9BC96D710, 19A9EFC08AE11A31169F712C577EBAFFF0A37311271FD46F02873286C8281DB7 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 20:31:38.0306 0x14c4 VMnetuserif - ok 20:31:38.0337 0x14c4 [ 15D702F235BD1077007A180EEFB9DBB8, 610794EB9AF68789F46D193EF11B406D190096DF9EC557563798D625806D5704 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe 20:31:38.0353 0x14c4 
VMUSBArbService - ok 20:31:38.0369 0x14c4 [ 0769FDF4C15D9EDD3CAAC148A8EDC2E5, 65E5CA9461C47491E83EBD755C10AE1665E71D2B73F2CE97A59B9E7380D42E8D ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe 20:31:38.0369 0x14c4 VMware NAT Service - ok 20:31:38.0384 0x14c4 [ 8FCCBE30DC217C244CE38DD7F9B673C3, C1E6E65A435D764695C4B9411ED623D626D8A744E3E09752FBB66260D9ACE8D6 ] vmx86 C:\Windows\system32\drivers\vmx86.sys 20:31:38.0384 0x14c4 vmx86 - ok 20:31:38.0384 0x14c4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:31:38.0384 0x14c4 volmgr - ok 20:31:38.0400 0x14c4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:31:38.0416 0x14c4 volmgrx - ok 20:31:38.0416 0x14c4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:31:38.0431 0x14c4 volsnap - ok 20:31:38.0431 0x14c4 [ 552B3D9426DF268942D87ADA569B2F15, 2EB57E5050C16C2712CCEFF94921B49AB0EB977947E19831890BE58CE1EEF719 ] VPNManager C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe 20:31:38.0431 0x14c4 VPNManager - ok 20:31:38.0447 0x14c4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:31:38.0447 0x14c4 vsmraid - ok 20:31:38.0462 0x14c4 [ 1C7DC94FDCABD06D24C3A532DC33FB34, 5403724E70ABBE1070958CA58496DB2237F35CAB37296E1ECB64D4A0FE432AC1 ] vsock C:\Windows\system32\drivers\vsock.sys 20:31:38.0462 0x14c4 vsock - ok 20:31:38.0494 0x14c4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 20:31:38.0541 0x14c4 VSS - ok 20:31:38.0541 0x14c4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 
3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:31:38.0541 0x14c4 vwifibus - ok 20:31:38.0556 0x14c4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:31:38.0556 0x14c4 vwififlt - ok 20:31:38.0572 0x14c4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 20:31:38.0587 0x14c4 W32Time - ok 20:31:38.0587 0x14c4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:31:38.0587 0x14c4 WacomPen - ok 20:31:38.0603 0x14c4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:31:38.0603 0x14c4 WANARP - ok 20:31:38.0603 0x14c4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:31:38.0603 0x14c4 Wanarpv6 - ok 20:31:38.0650 0x14c4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 20:31:38.0681 0x14c4 wbengine - ok 20:31:38.0697 0x14c4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:31:38.0697 0x14c4 WbioSrvc - ok 20:31:38.0712 0x14c4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:31:38.0728 0x14c4 wcncsvc - ok 20:31:38.0728 0x14c4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:31:38.0728 0x14c4 WcsPlugInService - 
ok 20:31:38.0728 0x14c4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 20:31:38.0728 0x14c4 Wd - ok 20:31:38.0759 0x14c4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:31:38.0775 0x14c4 Wdf01000 - ok 20:31:38.0775 0x14c4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:31:38.0791 0x14c4 WdiServiceHost - ok 20:31:38.0791 0x14c4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:31:38.0791 0x14c4 WdiSystemHost - ok 20:31:38.0806 0x14c4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 20:31:38.0806 0x14c4 WebClient - ok 20:31:38.0822 0x14c4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:31:38.0822 0x14c4 Wecsvc - ok 20:31:38.0837 0x14c4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:31:38.0837 0x14c4 wercplsupport - ok 20:31:38.0837 0x14c4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:31:38.0837 0x14c4 WerSvc - ok 20:31:38.0853 0x14c4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:31:38.0853 0x14c4 WfpLwf - ok 20:31:38.0853 0x14c4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount 
C:\Windows\system32\drivers\wimmount.sys 20:31:38.0853 0x14c4 WIMMount - ok 20:31:38.0853 0x14c4 WinDefend - ok 20:31:38.0853 0x14c4 WinHttpAutoProxySvc - ok 20:31:38.0869 0x14c4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:31:38.0884 0x14c4 Winmgmt - ok 20:31:38.0931 0x14c4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 20:31:38.0978 0x14c4 WinRM - ok 20:31:38.0994 0x14c4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 20:31:38.0994 0x14c4 WinUsb - ok 20:31:39.0025 0x14c4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:31:39.0041 0x14c4 Wlansvc - ok 20:31:39.0041 0x14c4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:31:39.0041 0x14c4 WmiAcpi - ok 20:31:39.0056 0x14c4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:31:39.0056 0x14c4 wmiApSrv - ok 20:31:39.0072 0x14c4 WMPNetworkSvc - ok 20:31:39.0072 0x14c4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:31:39.0072 0x14c4 WPCSvc - ok 20:31:39.0072 0x14c4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:31:39.0087 0x14c4 WPDBusEnum - ok 20:31:39.0087 0x14c4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:31:39.0087 
0x14c4 ws2ifsl - ok 20:31:39.0087 0x14c4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 20:31:39.0103 0x14c4 wscsvc - ok 20:31:39.0103 0x14c4 WSearch - ok 20:31:39.0166 0x14c4 [ 499034D7F1F6AF49F9EE12F8822793CB, 55D591C4861AF66C6B9201BF78808B2ECE7B79D95C6BB07FF0ED87EFE63DD99E ] wuauserv C:\Windows\system32\wuaueng.dll 20:31:39.0228 0x14c4 wuauserv - ok 20:31:39.0228 0x14c4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:31:39.0244 0x14c4 WudfPf - ok 20:31:39.0244 0x14c4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys 20:31:39.0259 0x14c4 WUDFRd - ok 20:31:39.0259 0x14c4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:31:39.0259 0x14c4 wudfsvc - ok 20:31:39.0275 0x14c4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 20:31:39.0275 0x14c4 WwanSvc - ok 20:31:39.0291 0x14c4 ================ Scan global =============================== 20:31:39.0291 0x14c4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 20:31:39.0306 0x14c4 [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll 20:31:39.0322 0x14c4 [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll 20:31:39.0322 0x14c4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:31:39.0337 0x14c4 [ 
71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 20:31:39.0353 0x14c4 [ Global ] - ok 20:31:39.0353 0x14c4 ================ Scan MBR ================================== 20:31:39.0353 0x14c4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:31:39.0416 0x14c4 \Device\Harddisk0\DR0 - ok 20:31:39.0416 0x14c4 [ C06575B18B90345CE86AB291B56DB94D ] \Device\Harddisk1\DR1 20:31:39.0431 0x14c4 \Device\Harddisk1\DR1 - ok 20:31:39.0431 0x14c4 ================ Scan VBR ================================== 20:31:39.0431 0x14c4 [ BDC0FCA9847D144BCDC783ADB9C2FD1C ] \Device\Harddisk0\DR0\Partition1 20:31:39.0431 0x14c4 \Device\Harddisk0\DR0\Partition1 - ok 20:31:39.0431 0x14c4 [ BE443E9F9C53C09F7806F3A502DF53F3 ] \Device\Harddisk0\DR0\Partition2 20:31:39.0431 0x14c4 \Device\Harddisk0\DR0\Partition2 - ok 20:31:39.0431 0x14c4 [ 11CCF29649B77095039BD6F6BD386AA6 ] \Device\Harddisk1\DR1\Partition1 20:31:39.0447 0x14c4 \Device\Harddisk1\DR1\Partition1 - ok 20:31:39.0447 0x14c4 ================ Scan generic autorun ====================== 20:31:39.0462 0x14c4 [ B2B879C0BA746CBB6A97212D8B5908B9, 6B38EB19064746EF42B6DABE754361377D6A460FD8E4C6B619EF4DD659F7357B ] C:\Program Files\SmartTechnology\Software\ProfilerU.exe 20:31:39.0478 0x14c4 ProfilerU - ok 20:31:39.0525 0x14c4 [ 27F8A7A78773427E5D931628F89D6839, 61A312590322109BEA9EA70345E6FB40435D9BACE2B9CFF3ADF68C7B3D6FA163 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 20:31:39.0541 0x14c4 avgnt - ok 20:31:39.0541 0x14c4 [ F2BC40E35AB242AA27BCD8FBA9D0B5CB, 4F89E1F57E8E4897D1614DAA852B0CBF7C1FD705641895E874C52377DC3F3403 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe 20:31:39.0541 0x14c4 Avira Systray - ok 20:31:39.0572 0x14c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:31:39.0603 0x14c4 Sidebar - ok 20:31:39.0603 0x14c4 
[ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:31:39.0619 0x14c4 mctadmin - ok 20:31:39.0650 0x14c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:31:39.0666 0x14c4 Sidebar - ok 20:31:39.0666 0x14c4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:31:39.0666 0x14c4 mctadmin - ok 20:31:39.0869 0x14c4 [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files\CCleaner\CCleaner64.exe 20:31:39.0994 0x14c4 CCleaner Monitoring - ok 20:31:40.0041 0x14c4 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 20:31:40.0072 0x14c4 Sidebar - ok 20:31:40.0072 0x14c4 Waiting for KSN requests completion. In queue: 260 20:31:41.0072 0x14c4 Waiting for KSN requests completion. In queue: 260 20:31:42.0072 0x14c4 Waiting for KSN requests completion. In queue: 260 20:31:43.0072 0x14c4 Waiting for KSN requests completion. In queue: 260 20:31:44.0110 0x14c4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.420 ), 0x41000 ( enabled : updated ) 20:31:44.0157 0x14c4 Win FW state via NFP2: disabled ( trusted ) 20:31:46.0922 0x14c4 ============================================================ 20:31:46.0922 0x14c4 Scan finished 20:31:46.0922 0x14c4 ============================================================ 20:31:46.0922 0x16c4 Detected object count: 0 20:31:46.0922 0x16c4 Actual detected object count: 0 |
28.08.2015, 15:23 | #6 |
/// the machine /// TB Instructor | Win32 files move and delete themselves, virus, possibly Trojan hi, Scan with Combofix
28.08.2015, 23:05 | #7 |
| Win32 files move and delete themselves, virus, possibly Trojan Code:
ATTFilter ComboFix 15-08-27.01 - Chef 28.08.2015 23:55:23.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8151.5907 [GMT 2:00] ausgeführt von:: c:\users\Chef\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 192 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\users\Chef\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Chef\AppData\Roaming\install.imp c:\users\Chef\AppData\Roaming\Microsoft\Windows\Recent\Dota 2.url c:\users\Chef\AppData\Roaming\raio93.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-07-28 bis 2015-08-28 )))))))))))))))))))))))))))))) . . 2015-08-28 21:59 . 2015-08-28 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-28 17:36 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9B238AD-FED1-48FF-8B78-D5E230EBBC55}\mpengine.dll 2015-08-27 18:16 . 2015-08-27 18:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-08-26 18:23 . 2015-08-26 18:24 -------- d-----w- C:\FRST 2015-08-25 15:37 . 2015-08-25 15:37 -------- d-----w- c:\program files\Bitcoin 2015-08-25 14:30 . 2015-08-25 14:33 -------- d-----w- c:\users\Chef\AppData\Roaming\Electrum 2015-08-25 14:30 . 2015-08-25 14:30 -------- d-----w- c:\program files (x86)\Electrum 2015-08-25 14:01 . 2015-08-25 15:53 -------- d-----w- c:\users\Chef\AppData\Roaming\Bitcoin 2015-08-25 14:00 . 2015-08-26 07:47 -------- d-----w- c:\users\Chef\AppData\Roaming\Armory 2015-08-25 14:00 . 2015-08-26 07:47 -------- d-----w- c:\program files (x86)\Armory 2015-08-23 19:22 . 2015-08-23 19:23 -------- d-----w- c:\programdata\FlyVPN 2015-08-22 23:32 . 
2015-07-09 17:21 379392 ----a-w- c:\windows\system32\ssleay32.dll 2015-08-22 23:32 . 2015-07-09 17:21 379392 ----a-w- c:\windows\system32\libssl32.dll 2015-08-22 23:32 . 2015-07-09 17:20 2077184 ----a-w- c:\windows\system32\libeay32.dll 2015-08-22 23:32 . 2015-08-22 23:32 -------- d-----w- C:\OpenSSL-Win64 2015-08-22 23:29 . 2015-08-22 23:29 -------- d-----w- c:\program files\OpenVPN 2015-08-22 23:21 . 2015-08-22 23:28 -------- d-----w- c:\users\Chef\AppData\Local\SaferVPN 2015-08-22 21:59 . 2015-08-22 22:04 -------- d-----w- c:\users\Chef\AppData\Roaming\MultiBitHD 2015-08-22 21:58 . 2015-08-22 21:58 -------- d-----w- c:\program files\MultiBit HD 2015-08-21 11:34 . 2015-08-21 11:34 -------- d-----w- c:\program files (x86)\PC Inspector File Recovery 2015-08-21 11:34 . 2002-02-18 16:40 6200 ----a-w- c:\windows\SysWow64\INT13EXT.VXD 2015-08-21 11:34 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2015-08-21 11:34 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2015-08-21 11:34 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2015-08-21 11:34 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2015-08-21 11:34 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2015-08-21 11:34 . 2015-08-21 11:34 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2015-08-21 11:34 . 2015-08-21 11:34 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2015-08-21 11:31 . 2015-08-21 11:31 -------- d-----w- C:\sss 2015-08-20 14:34 . 
2015-08-20 14:34 12872 ----a-w- c:\windows\system32\bootdelete.exe 2015-08-20 14:30 . 2015-08-20 14:35 -------- d-----w- c:\programdata\Comodo 2015-08-20 14:27 . 2015-08-20 14:27 -------- d-----w- c:\program files\HitmanPro 2015-08-20 14:26 . 2015-08-20 14:35 -------- d-----w- c:\programdata\HitmanPro 2015-08-20 14:15 . 2015-08-20 14:17 -------- d-----w- C:\AdwCleaner 2015-08-19 22:43 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll 2015-08-19 22:43 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-08-19 22:43 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2015-08-14 14:09 . 2015-08-14 14:09 -------- d-----w- c:\users\Chef\AppData\Local\CEF 2015-08-13 01:09 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 01:09 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 10:08 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-08-12 10:04 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll 2015-08-10 16:46 . 2015-08-10 16:46 -------- d-----w- c:\users\Chef\AppData\Local\Microsoft Research 2015-08-10 16:45 . 2015-08-10 16:45 -------- d-----w- c:\program files (x86)\Microsoft Research 2015-08-09 10:28 . 2015-08-09 12:42 -------- d-----w- c:\windows\Panther . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-28 22:00 . 2014-11-29 03:32 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-27 18:15 . 2014-11-29 03:31 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-08-26 17:58 . 2014-11-28 23:51 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-08-26 17:58 . 2014-11-28 23:51 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-08-13 01:00 . 2013-11-29 14:41 132483416 ----a-w- c:\windows\system32\MRT.exe 2015-07-15 17:54 . 
2015-08-12 10:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-07-04 18:07 . 2015-07-15 10:03 2087424 ----a-w- c:\windows\system32\ole32.dll 2015-07-04 17:48 . 2015-07-15 10:03 1414656 ----a-w- c:\windows\SysWow64\ole32.dll 2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-06-18 06:41 . 2014-11-29 03:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-06-18 06:41 . 2014-11-29 03:31 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-06-17 17:47 . 2015-07-15 10:07 404992 ----a-w- c:\windows\system32\gdi32.dll 2015-06-17 17:37 . 2015-07-15 10:07 312320 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-06-15 21:50 . 2015-07-15 10:03 112064 ----a-w- c:\windows\system32\consent.exe 2015-06-15 21:45 . 2015-07-15 10:03 3242496 ----a-w- c:\windows\system32\msi.dll 2015-06-15 21:45 . 2015-07-15 10:03 504320 ----a-w- c:\windows\system32\msihnd.dll 2015-06-15 21:45 . 2015-07-15 10:03 1941504 ----a-w- c:\windows\system32\authui.dll 2015-06-15 21:45 . 2015-07-15 10:03 70656 ----a-w- c:\windows\system32\appinfo.dll 2015-06-15 21:44 . 2015-07-15 10:03 128000 ----a-w- c:\windows\system32\msiexec.exe 2015-06-15 21:43 . 2015-07-15 10:03 337408 ----a-w- c:\windows\SysWow64\msihnd.dll 2015-06-15 21:43 . 2015-07-15 10:03 2364416 ----a-w- c:\windows\SysWow64\msi.dll 2015-06-15 21:43 . 2015-07-15 10:03 1805824 ----a-w- c:\windows\SysWow64\authui.dll 2015-06-15 21:42 . 2015-07-15 10:03 73216 ----a-w- c:\windows\SysWow64\msiexec.exe 2015-06-15 21:42 . 2015-07-15 10:03 25088 ----a-w- c:\windows\system32\msimsg.dll 2015-06-15 21:37 . 2015-07-15 10:03 25088 ----a-w- c:\windows\SysWow64\msimsg.dll 2015-06-09 18:03 . 2015-07-15 10:07 3180544 ----a-w- c:\windows\system32\rdpcorets.dll 2015-06-09 18:03 . 2015-07-15 10:07 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2015-06-02 00:07 . 2015-07-15 10:07 254976 ----a-w- c:\windows\system32\cewmdm.dll 2015-06-01 23:47 . 
2015-07-15 10:07 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll 2015-05-31 05:59 . 2015-07-13 18:48 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys 2015-05-31 05:59 . 2015-07-13 18:48 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2015-05-31 05:59 . 2015-07-13 18:48 931520 ----a-w- c:\windows\system32\vnetlib64.dll 2015-05-31 05:59 . 2015-07-13 18:48 359104 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe 2015-05-31 05:58 . 2015-07-13 18:48 438464 ----a-w- c:\windows\SysWow64\vmnat.exe 2015-05-31 05:58 . 2015-05-31 05:58 81088 ----a-w- c:\windows\system32\vmnetbridge.dll 2015-05-31 05:58 . 2015-05-31 05:58 49856 ----a-w- c:\windows\system32\vnetinst.dll 2015-05-31 05:58 . 2015-05-31 05:58 48832 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2015-05-31 05:58 . 2015-05-31 05:58 28864 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2015-05-31 05:58 . 2015-05-31 05:58 27328 ----a-w- c:\windows\system32\drivers\vmnet.sys 2015-05-31 05:58 . 2015-07-13 18:48 33472 ----a-w- c:\windows\system32\drivers\VMkbd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-26 782008] "Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368] . c:\users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2015-2-17 0] svcchost.url [2014-4-18 159] svchosst.url [2014-4-9 160] svchost2.url [2014-4-6 151] svchostt.url [2014-4-9 157] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x] R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 
FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\FlashUSB_x64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x] S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira 
Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 EnergyDriver;Intel Energy Driver;c:\program files\Intel\Power Gadget 3.0\EnergyDriver.sys;c:\program files\Intel\Power Gadget 3.0\EnergyDriver.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x] S2 VPNManager;Perfect Privacy VPN Manager;c:\program files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe;c:\program files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 e1kexpress;Intel(R) PRO/1000 PCI 
Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 SaiK1703;SaiK1703;c:\windows\system32\DRIVERS\SaiK1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1703.sys [x] S3 SaiU1703;SaiU1703;c:\windows\system32\DRIVERS\SaiU1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1703.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-08-21 18:30 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08 09:24] . 2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08 09:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = www.google.com mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com mDefault_Page_URL = about:blank mDefault_Search_URL = www.google.com TCP: Interfaces\{828080A0-9AB4-4F98-B91D-6E891482D9B7}: NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{D3B28D28-01AC-4BA8-B889-E295C6433F59}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD33ED78-1F2D-1ACE-1732-E7D9A04D2AB4}*] "jaaafpimooccpgcclick"=hex:62,61,6f,6e,00,00 "iaabpglmlcdagfggci"=hex:6b,61,6a,6e,6d,6d,6e,68,61,61,65,61,6e,6e,6a,6c,69,6c, 69,65,64,67,00,00 "hagajepmlomjfiji"=hex:6b,61,6a,6e,6d,6d,6e,68,61,61,65,61,6e,6e,6f,6c,6c,6e, 6b,63,62,6f,00,00 "jaaafpimooccpgcclioj"=hex:62,61,6f,6e,00,00 "hamphgaincfcmplh"=hex:6f,61,6e,61,6e,65,61,65,69,68,61,6d,67,64,6f,69,6e,6f, 64,68,62,6c,65,66,62,6d,62,6b,66,6b,00,6c "jalpapbopobfhnlmmdfi"=hex:64,62,69,61,6f,63,67,64,6a,64,6b,69,67,64,70,70,67, 63,64,70,61,65,65,6d,66,6f,6f,70,61,6e,6f,68,67,63,70,6b,6c,6c,62,64,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe e:\programme\vmware-authd.exe c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-08-29 00:03:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-08-28 22:03 . Vor Suchlauf: 9.528.635.392 Bytes frei Nach Suchlauf: 9.384.796.160 Bytes frei . 
- - End Of File - - 7AC15F9B6A50CDF14F4ABAA4C396B297 A36C5E4F47E84449FF07ED3517B43A31 |
29.08.2015, 12:42 | #8 |
/// the machine /// TB-Ausbilder | Win32 files move and delete themselves, virus or possibly Trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.08.2015, 14:58 | #9 |
| Win32 files move and delete themselves, virus or possibly Trojan MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 29.08.2015
Suchlaufzeit: 15:31
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.08.29.02
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Chef
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 414269
Abgelaufene Zeit: 10 Min., 12 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)
(end)
AdwCleaner Code:
# AdwCleaner v5.004 - Bericht erstellt 29/08/2015 um 15:45:08
# Aktualisiert 26/08/2015 von Xplode
# Datenbank : 2015-08-25.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Chef - CHEF-PC
# Gestarted von : C:\Users\Chef\Desktop\AdwCleaner_5.004.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : ask
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : babylon.com
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : isearch.avg.com
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : delta-search.com
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : de.ask.com
[C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gefunden : hxxp://isearch.babylon.com/?affID=119776&babsrc=HP_ss_gr2&mntrId=A40B0015AF5CF873
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1353 Bytes] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Professional x64
Ran by Chef on 29.08.2015 at 15:48:05,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
Successfully deleted: [File] C:\Windows\SysWOW64\REN8C97.tmp
~~~ Folders
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Windows\SysWOW64\C2MP
Successfully deleted: [Folder] C:\Users\Chef\AppData\Roaming\1661
~~~ Chrome
[C:\Users\Chef\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Chef\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Chef\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Chef\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2015 at 15:51:23,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fresh FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015 durchgeführt von Chef (Administrator) auf CHEF-PC (29-08-2015 15:55:37) Gestartet von C:\Users\Chef\Desktop Geladene Profile: Chef (Verfügbare Profile: Chef) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) HKU\S-1-5-21-1794054482-4240154565-431294608-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) Startup: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-02-17] () InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcchost.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Diashow8128581258.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchosst.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Diashow12918568128.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost2.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/Faceboook.exe InternetURL: C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostt.url -> file:///C:/Users/Chef/AppData/Roaming/macromedia/SkypeSpreaderv2.exe ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe 
Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1794054482-4240154565-431294608-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation) Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-06-23] () Winsock: Catalog5-x64 07 C:\Windows\system32\PrxerNsp.dll [96840 2015-06-23] () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{828080A0-9AB4-4F98-B91D-6E891482D9B7}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{D3B28D28-01AC-4BA8-B889-E295C6433F59}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{F60F2829-EE84-451A-8E86-BCFE201DFB6F}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll [2014-04-29] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-04-29] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Spiele\Arc\Plugins\npArcPluginFF.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: @my.com/Games -> C:\Users\Chef\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-12] (My.com, Inc) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chef\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-31] (Pando Networks) FF Plugin HKU\S-1-5-21-1794054482-4240154565-431294608-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-15] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: anonymoX - C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default\Extensions\client@anonymox.net.xpi [2015-08-20] FF Extension: Adblock Plus - C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\lkuap7q3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24] Chrome: ======= CHR Profile: C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24] CHR Extension: (Google Docs) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24] CHR Extension: (Google Drive) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24] CHR Extension: (YouTube) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24] CHR Extension: (Google Search) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24] CHR Extension: (Google Sheets) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24] CHR Extension: (AdBlock) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08] CHR Extension: (Gmail) - C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - 
https://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 SbieSvc; E:\Programme\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) S2 VMAuthdService; E:\Programme\vmware-authd.exe [87744 2015-05-31] (VMware, Inc.) 
S2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2015-02-13] (Perfect Privacy) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2011-10-30] (CrystalIdea Software)
R2 EnergyDriver; C:\Program Files\Intel\Power Gadget 3.0\EnergyDriver.sys [14224 2014-08-21] ()
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-05-27] (<Turtle Entertainment>)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [19968 2010-12-21] (Danish Wireless Design A/S)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
R3 SbieDrv; E:\Programme\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-14] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pmem; \??\C:\Users\Chef\AppData\Local\Temp\_MEI66242\drivers\winpmem64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-29 15:55 - 2015-08-29 15:55 - 02186752 _____ (Farbar) C:\Users\Chef\Downloads\FRST64.exe
2015-08-29 15:55 - 2015-08-29 15:55 - 02186752 _____ (Farbar) C:\Users\Chef\Desktop\FRST64.exe
2015-08-29 15:55 - 2015-08-29 15:55 - 00017166 _____ C:\Users\Chef\Desktop\FRST.txt
2015-08-29 15:51 - 2015-08-29 15:51 - 00001541 _____ C:\Users\Chef\Desktop\JRT.txt
2015-08-29 15:45 - 2015-08-29 15:45 - 00001432 _____ C:\Users\Chef\Desktop\AdwCleaner[S3].txt
2015-08-29 15:42 - 2015-08-29 15:42 - 00001202 _____ C:\Users\Chef\Desktop\mbam.txt
2015-08-29 15:34 - 2015-08-29 15:34 - 00001377 _____ C:\Users\Chef\Desktop\Anleitung.txt
2015-08-29 15:32 - 2015-08-29 15:32 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Chef\Downloads\JRT.exe
2015-08-29 15:32 - 2015-08-29 15:32 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Chef\Desktop\JRT.exe
2015-08-29 15:32 - 2015-08-29 15:32 - 01618432 _____ C:\Users\Chef\Downloads\AdwCleaner_5.004.exe
2015-08-29 15:32 - 2015-08-29 15:32 - 01618432 _____ C:\Users\Chef\Desktop\AdwCleaner_5.004.exe
2015-08-29 12:58 - 2015-08-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-29 12:58 - 2015-08-29 12:58 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-08-29 12:57 - 2015-08-29 15:46 - 00007616 _____ C:\Windows\setupact.log
2015-08-29 12:57 - 2015-08-29 12:57 - 00274200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-29 12:57 - 2015-08-29 12:57 - 00061632 _____ C:\Users\Chef\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-29 12:57 - 2015-08-29 12:57 - 00000000 _____ C:\Windows\setuperr.log
2015-08-28 23:54 - 2015-08-29 00:03 - 00000000 ____D C:\Qoobox
2015-08-28 23:54 - 2015-08-29 00:01 - 00000000 ____D C:\Windows\erdnt
2015-08-28 23:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-28 23:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-28 23:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-28 23:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-28 23:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-28 23:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-28 23:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-28 23:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-27 20:16 - 2015-08-27 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-27 20:15 - 2015-08-27 20:29 - 00000000 ____D C:\Users\Chef\Desktop\mbar
2015-08-26 20:23 - 2015-08-29 15:55 - 00000000 ____D C:\FRST
2015-08-26 01:40 - 2015-08-26 01:40 - 00000218 _____ C:\Users\Chef\.recently-used.xbel
2015-08-25 17:49 - 2015-08-27 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armory
2015-08-25 17:37 - 2015-08-25 17:37 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2015-08-25 17:37 - 2015-08-25 17:37 - 00000000 ____D C:\Program Files\Bitcoin
2015-08-25 16:30 - 2015-08-25 16:33 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Electrum
2015-08-25 16:30 - 2015-08-25 16:30 - 00001007 _____ C:\Users\Chef\Desktop\Electrum.lnk
2015-08-25 16:30 - 2015-08-25 16:30 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2015-08-25 16:30 - 2015-08-25 16:30 - 00000000 ____D C:\Program Files (x86)\Electrum
2015-08-25 16:01 - 2015-08-25 17:53 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Bitcoin
2015-08-25 16:00 - 2015-08-26 09:47 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Armory
2015-08-25 16:00 - 2015-08-26 09:47 - 00000000 ____D C:\Program Files (x86)\Armory
2015-08-23 21:22 - 2015-08-23 21:23 - 00000000 ____D C:\ProgramData\FlyVPN
2015-08-23 01:32 - 2015-08-23 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2015-08-23 01:32 - 2015-08-23 01:32 - 00000000 ____D C:\OpenSSL-Win64
2015-08-23 01:32 - 2015-07-09 19:21 - 00379392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2015-08-23 01:32 - 2015-07-09 19:21 - 00379392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2015-08-23 01:32 - 2015-07-09 19:20 - 02077184 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2015-08-23 01:29 - 2015-08-23 01:30 - 00001021 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-08-23 01:29 - 2015-08-23 01:29 - 00000000 ____D C:\Program Files\OpenVPN
2015-08-23 01:21 - 2015-08-23 01:28 - 00000000 ____D C:\Users\Chef\AppData\Local\SaferVPN
2015-08-22 23:59 - 2015-08-23 00:04 - 00000000 ____D C:\Users\Chef\AppData\Roaming\MultiBitHD
2015-08-22 23:58 - 2015-08-22 23:58 - 00001925 _____ C:\Users\Chef\Desktop\MultiBit HD.lnk
2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2015-08-22 23:58 - 2015-08-22 23:58 - 00000000 ____D C:\Program Files\MultiBit HD
2015-08-21 14:04 - 2015-08-21 14:04 - 00000000 ____D C:\Users\Chef\Downloads\Gameforge Live
2015-08-21 13:34 - 2015-08-21 13:34 - 00001858 _____ C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
2015-08-21 13:34 - 2015-08-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
2015-08-21 13:34 - 2015-08-21 13:34 - 00000000 ____D C:\Program Files (x86)\PC Inspector File Recovery
2015-08-21 13:34 - 2002-02-18 18:40 - 00006200 _____ C:\Windows\SysWOW64\INT13EXT.VXD
2015-08-21 13:31 - 2015-08-21 13:31 - 00000000 ____D C:\sss
2015-08-21 13:31 - 2012-03-18 14:49 - 00880640 _____ C:\Users\Chef\Desktop\dechk2.exe
2015-08-20 16:34 - 2015-08-20 16:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-20 16:30 - 2015-08-20 16:35 - 00000000 ____D C:\ProgramData\Comodo
2015-08-20 16:27 - 2015-08-20 16:27 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-20 16:26 - 2015-08-20 16:35 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-20 16:15 - 2015-08-29 15:47 - 00000000 ____D C:\AdwCleaner
2015-08-20 16:12 - 2015-08-20 16:36 - 00000000 ____D C:\Users\Chef\Downloads\RevoUninstallerPortable
2015-08-20 00:43 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 00:43 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 00:43 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 00:43 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 13:49 - 2015-08-18 13:49 - 00000000 _____ C:\Users\Chef\Desktop\geschenk an schatz.txt
2015-08-14 16:09 - 2015-08-14 16:09 - 00000000 ____D C:\Users\Chef\AppData\Local\CEF
2015-08-13 03:09 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:09 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 01:49 - 2015-08-13 01:49 - 00000122 _____ C:\Users\Chef\Desktop\Skyforge My.com.url
2015-08-12 12:12 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 12:12 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 12:12 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 12:12 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 12:12 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 12:12 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 12:12 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 12:12 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 12:12 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 12:12 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 12:12 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 12:12 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 12:12 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 12:12 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 12:12 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 12:12 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 12:12 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 12:12 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 12:12 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 12:12 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 12:12 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 12:12 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 12:12 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 12:12 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 12:12 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 12:12 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 12:12 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 12:12 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 12:12 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 12:12 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 12:12 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 12:12 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 12:12 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 12:12 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 12:12 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 12:12 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 12:12 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 12:12 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 12:12 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 12:12 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 12:12 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 12:12 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 12:12 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 12:12 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 12:12 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 12:12 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 12:12 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 12:12 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 12:12 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 12:12 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 12:12 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 12:12 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 12:12 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 12:12 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 12:12 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 12:12 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 12:08 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 12:08 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 12:08 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 12:08 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 12:08 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 12:08 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 12:08 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 12:08 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 12:08 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 12:08 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 12:08 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 12:08 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 12:08 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 12:08 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 12:08 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 12:08 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 12:08 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 12:08 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 12:08 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 12:08 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 12:08 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 12:08 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 12:08 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 12:08 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 12:08 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 12:08 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 12:08 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 12:08 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 12:08 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 12:08 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 12:08 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 12:08 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 12:08 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 12:08 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 12:08 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 12:08 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 12:08 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 12:08 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 12:08 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 12:08 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 12:08 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 12:08 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 12:08 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 12:08 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 12:08 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 12:08 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 12:08 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 12:08 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 12:08 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 12:08 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 12:08 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 12:08 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 12:08 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 12:08 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 12:08 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 12:08 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 12:04 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 12:04 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 12:04 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 12:04 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 12:04 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 12:04 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 12:04 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 12:04 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 12:04 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 12:04 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 12:04 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 12:04 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 12:04 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 12:04 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 12:04 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 12:04 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 12:04 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 12:04 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 12:04 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 12:04 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 12:04 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 12:04 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 12:04 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 12:04 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 12:04 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 12:04 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 12:04 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 12:04 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 12:04 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 12:04 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 12:04 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 12:04 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 12:04 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 12:04 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 12:04 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 12:04 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-10 18:46 - 2015-08-10 18:46 - 00000000 ____D C:\Users\Chef\AppData\Local\Microsoft Research
2015-08-10 18:45
- 2015-08-10 18:45 - 00003023 _____ C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk 2015-08-10 18:45 - 2015-08-10 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Research 2015-08-09 23:14 - 2015-08-10 00:15 - 00000089 _____ C:\Users\Chef\Desktop\serien schauen.txt 2015-08-09 12:28 - 2015-08-09 14:42 - 00000000 ____D C:\Windows\Panther 2015-08-08 11:25 - 2015-08-21 20:31 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-08-08 11:25 - 2015-08-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-08 11:24 - 2015-08-29 15:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-08 11:24 - 2015-08-29 15:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-08 11:24 - 2015-08-27 23:30 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-08 11:24 - 2015-08-27 23:30 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-29 15:55 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-29 15:55 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-29 15:47 - 2014-06-06 22:22 - 00000000 ____D C:\Users\Chef\AppData\Local\LogMeIn Hamachi 2015-08-29 15:46 - 2015-07-24 10:20 - 01373666 _____ C:\Windows\WindowsUpdate.log 2015-08-29 15:46 - 2015-02-17 10:52 - 00000000 ____D C:\Users\Chef\AppData\Local\Deployment 2015-08-29 15:46 - 2014-11-29 05:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-29 15:46 - 2014-04-06 18:22 - 00000000 ____D C:\ProgramData\VMware 2015-08-29 15:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-29 15:44 - 2014-11-15 22:41 - 00000000 ____D C:\Users\Chef\AppData\Roaming\.purple 2015-08-29 12:57 - 2014-04-14 05:41 - 00000000 ____D C:\Users\Chef\AppData\Local\Apps\2.0 2015-08-29 00:06 - 2013-11-28 21:56 - 00701814 _____ C:\Windows\system32\perfh007.dat 2015-08-29 00:06 - 2013-11-28 21:56 - 00150480 _____ C:\Windows\system32\perfc007.dat 2015-08-29 00:06 - 2009-07-14 07:13 - 01627626 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-29 00:03 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-08-29 00:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-08-27 20:15 - 2014-11-29 05:31 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-26 19:59 - 2014-11-29 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-26 19:58 - 2014-11-29 01:51 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-26 19:58 - 2014-11-29 01:51 - 00141416 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-08-26 01:40 - 2013-11-28 13:05 - 00000000 ____D C:\Users\Chef 2015-08-25 18:24 - 2014-06-12 15:40 - 00000000 ____D C:\Users\Chef\AppData\Local\gtk-2.0 2015-08-25 17:32 - 2014-07-19 21:04 - 00000000 ____D C:\Users\Chef\Desktop\Tranieren gogo! 2015-08-22 13:29 - 2014-12-14 09:51 - 00000000 ____D C:\Program Files\Recuva 2015-08-22 10:12 - 2014-04-15 05:44 - 00000000 ____D C:\Users\Chef\Desktop\Textdateien 2015-08-22 10:07 - 2014-12-20 09:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-22 10:07 - 2014-12-20 09:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-21 18:41 - 2014-12-20 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-21 13:55 - 2013-11-29 11:34 - 00000000 ____D C:\Users\Chef\AppData\Roaming\vlc 2015-08-21 13:34 - 2013-11-28 13:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-16 03:35 - 2014-12-27 00:25 - 00000000 ____D C:\Users\Chef\AppData\Local\CrashDumps 2015-08-15 22:35 - 2014-05-21 19:46 - 00000000 ____D C:\Windows\Minidump 2015-08-14 16:25 - 2014-04-04 20:38 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-14 13:22 - 2014-10-02 01:30 - 00000000 ____D C:\Users\Chef\Desktop\Tattoos die ich machen lassen will 2015-08-13 14:44 - 2015-07-22 21:23 - 00000000 ____D C:\Windows\rescache 2015-08-13 03:48 - 2015-04-16 00:09 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-13 03:48 - 2014-05-06 18:48 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-13 03:06 - 2013-11-29 16:41 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 03:00 - 2013-11-29 16:41 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-13 02:01 - 2015-05-20 16:53 - 00000000 ____D C:\Users\Chef\AppData\Local\MyComGames 2015-08-09 14:34 - 2015-07-10 19:29 - 00000000 ____D C:\$Windows.~BT 2015-08-09 12:19 - 2013-12-06 14:49 - 00000000 ____D C:\ProgramData\Package Cache 
2015-08-08 16:04 - 2015-05-03 19:18 - 00000000 ____D C:\Users\Chef\AppData\Local\Freenet 2015-08-08 11:25 - 2015-02-18 04:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-08 11:25 - 2013-11-29 09:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-08 11:23 - 2015-04-06 14:28 - 00000000 ___SD C:\Windows\system32\GWX 2015-08-03 12:12 - 2014-06-24 14:14 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-04-04 21:05 - 2014-04-04 21:05 - 0000624 _____ () C:\Users\Chef\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-10-13 17:48 - 2015-07-10 17:32 - 0001456 _____ () C:\Users\Chef\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-04-06 16:15 - 2015-07-19 00:51 - 0017920 _____ () C:\Users\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-25 04:17 - 2014-11-25 04:17 - 0000600 _____ () C:\Users\Chef\AppData\Local\PUTTY.RND 2014-08-10 20:31 - 2014-08-10 20:31 - 0002143 _____ () C:\Users\Chef\AppData\Local\recently-used.xbel 2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Chef\AppData\Local\setup.txt Einige Dateien in TEMP: ==================== C:\Users\Chef\AppData\Local\Temp\avgnt.exe C:\Users\Chef\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
nointegritychecks: ==> "IntegrityChecks" ist deaktiviert. <===== ACHTUNG
LastRegBack: 2015-08-22 15:34
==================== Ende von FRST.txt ============================
Regards, rock |
30.08.2015, 11:29 | #10 |
/// the machine /// TB trainer | Win32 files move and delete themselves, virus or possibly Trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.08.2015, 16:43 | #11 |
| Win32 files move and delete themselves, virus or possibly Trojan I already did all of that yesterday, didn't I? Why again now? |
31.08.2015, 07:11 | #12 |
/// the machine /// TB trainer | Win32 files move and delete themselves, virus or possibly Trojan lol, my mistake, for some reason I grabbed the wrong text block and didn't check it again. Sorry
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber |
31.08.2015, 23:08 | #13 |
| Win32 files move and delete themselves, virus or possibly Trojan Thanks, there's nothing left on it. |
01.09.2015, 17:33 | #14 |
/// the machine /// TB trainer | Win32 files move and delete themselves, virus or possibly Trojan Log files from the scans?
__________________ Regards, schrauber |