| |
| |||||||
Log-Analyse und Auswertung: Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 BitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.09.2015, 19:03
| #1 |
| |  Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Hallo liebe Trojaner-Profis! Vor einigen Wochen spielte mein Rechner ungefragt Sounds ab (Kichern, Trommelwirbel), die nicht durch Werbeanzeigen verursacht wurden. Daraufhin lud ich mir bei chip.de eine Software zum erkennen von Trojanern herunter (Spybot S&D). Diese fand allerdings nichts. Avira meldete allerdings beim Scan 2 Trojaner: --> TR/ATRAPS.Gen2 diesen verfrachtete ich in Quarantäne und löschte ihn anschließend. Ein paar Minuten später kam erneut eine Meldung --> EXP/Java.HLP.CJ Dies lies sich allerdings meiner Meinung nach nicht löschen. Es wäre wirklich total super, wenn ihr mir helfen könntet! Liebe Grüße Juli Hier die Logfiles: GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-02 18:22:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Juli\AppData\Local\Temp\kxldypod.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077501401 2 bytes JMP 7732b20b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077501419 2 bytes JMP 7732b336 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077501431 2 bytes JMP 773a8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007750144a 2 bytes CALL 77304885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775014dd 2 bytes JMP 773a8832 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes JMP 773a8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007750150d 2 bytes JMP 773a8728 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes JMP 773a8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007750153d 2 bytes JMP 7731fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077501555 2 bytes JMP 773268df C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007750156d 2 bytes JMP 773a8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077501585 2 bytes JMP 773a8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007750159d 2 bytes JMP 773a86ec C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775015b5 2 bytes JMP 7731fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775015cd 2 bytes JMP 7732b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes JMP 773a8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Juli\Downloads\Defogger.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes JMP 773a8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077308769 4 bytes JMP 0000000163f668d3
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000754e6143 5 bytes JMP 0000000164c5dda2
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000770c3e59 5 bytes JMP 00000001643351ee
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000770c3eae 5 bytes JMP 000000016433515f
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000770c4731 5 bytes JMP 0000000164268abb
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[3932] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000770c5dee 5 bytes JMP 000000016421e63e
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0022f7170152
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0022f7170152@1886ac84f659 0x7A 0x9E 0xA9 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0022f7170152 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0022f7170152@1886ac84f659 0x7A 0x9E 0xA9 0xB1 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
durchgeführt von Juli (Administrator) auf JULI-PC (02-09-2015 18:08:45)
Gestartet von C:\Users\Juli\Downloads
Geladene Profile: Juli (Verfügbare Profile: Juli & Juni)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Juli\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-07-07] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [NavRegReminder] => "C:\Windows\temp\NavBrowser.exe" /r /i "C:\Windows\temp\NavLoad.ini" <===== ACHTUNG
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2014-12-12] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2015-08-28] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f\n.ACHTUNG! ====> ZeroAccess?
HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Run: [Spotify Web Helper] => C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-25] (Spotify Ltd)
HKU\S-1-5-21-316069657-1248085923-330337535-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f\n.ACHTUNG! ====> ZeroAccess?
Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\de_cleaner_kaspersky.lnk [2011-06-06]
ShortcutTarget: de_cleaner_kaspersky.lnk -> C:\Users\Juli\Desktop\Sonstiges\verschiedenes\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\startup.exe ()
Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-05-29]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{EDEDC91C-66CE-4780-8FCD-F6E838488141}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Internet Explorer:
==================
HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=enlj65&r=27360610q065l0304z115f4872t45p
HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> Standard = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-316069657-1248085923-330337535-1000 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384
SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-29] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-03-28] (ICQ)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
FireFox:
========
FF ProfilePath: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-12-12] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-12-12] (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\searchplugins\duckduckgo.xml [2014-07-22]
FF Extension: Kein Name - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\firefox@ghostery.com.xpi [2013-10-15]
FF Extension: Kein Name - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-04]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-12]
FF HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\extensions\cliqz@cliqz.com
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2015-08-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2015-08-28] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-06] (Acer Incorporated)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-20] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-03-28] ()
S3 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 75168101; C:\Windows\System32\DRIVERS\75168101.sys [157712 2009-09-25] (Kaspersky Lab)
R0 75168102; C:\Windows\System32\DRIVERS\75168102.sys [40464 2009-10-22] (Kaspersky Lab)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2015-08-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2015-08-28] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 de_cleaner_kasperskydrv; C:\Windows\System32\DRIVERS\7516810.sys [352784 2009-10-09] (Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-07-07] (CyberLink Corp.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-02 18:08 - 2015-09-02 18:09 - 00018736 _____ C:\Users\Juli\Downloads\FRST.txt
2015-09-02 18:08 - 2015-09-02 18:08 - 00000000 ____D C:\FRST
2015-09-02 18:07 - 2015-09-02 18:08 - 02188800 _____ (Farbar) C:\Users\Juli\Downloads\FRST64.exe
2015-09-02 18:06 - 2015-09-02 18:06 - 00000470 _____ C:\Users\Juli\Downloads\defogger_disable.log
2015-09-02 18:06 - 2015-09-02 18:06 - 00000000 _____ C:\Users\Juli\defogger_reenable
2015-09-02 18:04 - 2015-09-02 18:04 - 00050477 _____ C:\Users\Juli\Downloads\Defogger.exe
2015-09-02 17:18 - 2015-09-02 17:19 - 00000000 ____D C:\Users\Juli\Desktop\PraktikumPflanze1
2015-09-01 10:39 - 2015-09-01 10:39 - 00000000 ___RD C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-08-31 22:47 - 2015-08-31 22:50 - 155835672 _____ (Apple Inc.) C:\Users\Juli\Downloads\iTunes6464Setup(1).exe
2015-08-28 09:36 - 2015-08-28 09:36 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Avira
2015-08-28 09:35 - 2015-08-28 13:23 - 00132832 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2015-08-28 09:35 - 2015-08-28 13:23 - 00098848 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-28 09:35 - 2015-08-28 09:35 - 00002078 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Avira
2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\Program Files (x86)\Avira
2015-08-28 09:35 - 2011-10-11 15:00 - 00027760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avkmgr.sys
2015-08-28 09:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150828-093233.backup
2015-08-26 10:56 - 2015-08-26 10:56 - 00002984 _____ C:\Users\Juli\Downloads\Wandervorschläge.html
2015-08-20 21:45 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 21:45 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 21:45 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 21:45 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 15:52 - 2015-08-20 15:52 - 00000000 ____D C:\usr
2015-08-13 14:54 - 2015-08-31 10:26 - 00078774 _____ C:\Windows\PFRO.log
2015-08-12 19:37 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:37 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:40 - 2015-08-12 18:40 - 00000000 ____D C:\Users\Juli\AppData\Local\CEF
2015-08-12 16:11 - 2015-08-12 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 14:25 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 14:25 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 14:25 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 14:25 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 14:25 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 14:25 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 14:25 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 14:25 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 14:25 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 14:25 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 14:25 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 14:25 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 14:24 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 14:24 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 14:24 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 14:24 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 14:24 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 14:24 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 14:24 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 14:24 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 14:24 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 14:24 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 14:24 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 14:24 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 14:24 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 14:24 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 14:24 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 14:24 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 14:24 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 14:24 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 14:24 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 14:24 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 14:24 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 14:24 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 14:24 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 14:24 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 14:24 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 14:24 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 14:24 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 14:24 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 14:24 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 14:24 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 14:24 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 14:24 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 14:24 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 14:24 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 14:24 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 14:24 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 14:24 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 14:24 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 14:24 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 14:24 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 14:24 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 14:24 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 14:24 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 14:24 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 14:24 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 14:24 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 14:24 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 14:24 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 14:24 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 14:24 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 14:24 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 14:24 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 14:24 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 14:24 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 14:24 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 14:24 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 14:24 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 14:24 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 14:24 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 14:24 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 14:24 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 14:24 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 14:24 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 14:24 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 14:24 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 14:24 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 14:24 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 14:24 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 14:24 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 14:24 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 14:24 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 14:24 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 14:24 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 14:24 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 14:24 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 14:24 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 14:24 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 14:24 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 14:24 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 14:24 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 14:24 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 14:24 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 14:24 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 14:24 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 14:24 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 14:24 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 14:24 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 14:24 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 14:24 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 14:24 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 14:24 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 14:24 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 14:24 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 14:24 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 14:24 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 14:24 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 14:24 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 14:24 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 14:24 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 14:24 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 14:23 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 14:23 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 14:23 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 14:23 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 14:23 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 14:23 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 14:23 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 14:23 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 14:23 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 14:23 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 14:23 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 14:23 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 14:23 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 14:23 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 14:23 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 14:23 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 14:23 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 14:23 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 14:23 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 14:23 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 14:23 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 14:23 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 14:23 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 14:23 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 14:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 14:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 14:23 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 14:23 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 14:23 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 14:23 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 14:23 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 14:23 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 14:23 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 14:23 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 14:23 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 14:22 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 22:42 - 2015-09-01 16:10 - 00002870 _____ C:\Windows\setupact.log
2015-08-09 22:42 - 2015-08-09 22:42 - 00000000 _____ C:\Windows\setuperr.log
2015-08-09 13:14 - 2015-08-28 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-09 13:14 - 2015-08-28 09:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-09 13:14 - 2015-08-09 13:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-09 13:14 - 2015-08-09 13:14 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-09 13:14 - 2015-08-09 13:14 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-09 13:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-09 13:08 - 2015-08-09 13:08 - 01199392 _____ C:\Users\Juli\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-08-06 17:16 - 2015-08-31 21:38 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Apple Computer
2015-08-06 17:16 - 2015-08-06 17:16 - 00000000 ____D C:\Users\Juli\AppData\Local\Apple Computer
2015-08-06 17:16 - 2015-08-06 17:16 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-06 17:14 - 2015-08-06 17:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-06 17:14 - 2015-08-06 17:14 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-06 17:14 - 2015-08-06 17:14 - 00000000 ____D C:\Users\Juli\AppData\Local\Apple
2015-08-06 17:14 - 2015-08-06 17:14 - 00000000 ____D C:\Program Files\Bonjour
2015-08-06 17:14 - 2015-08-06 17:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-08-06 17:14 - 2015-08-06 17:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-08-06 17:13 - 2015-08-06 17:14 - 00000000 ____D C:\ProgramData\Apple
2015-08-06 17:11 - 2015-08-06 17:13 - 155875632 _____ (Apple Inc.) C:\Users\Juli\Downloads\iTunes6464Setup.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-02 18:06 - 2010-06-20 16:44 - 00000000 ____D C:\Users\Juli
2015-09-02 17:42 - 2012-12-30 16:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-02 17:39 - 2010-07-04 12:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 17:15 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-02 17:15 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 17:13 - 2010-06-20 16:31 - 01917505 _____ C:\Windows\WindowsUpdate.log
2015-09-02 09:50 - 2010-07-04 12:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 16:12 - 2010-06-21 02:18 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-09-01 16:12 - 2010-06-21 02:18 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-09-01 16:12 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 15:41 - 2011-06-25 13:00 - 00007598 _____ C:\Users\Juli\AppData\Local\resmon.resmoncfg
2015-09-01 10:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 13:04 - 2014-08-31 18:36 - 00000000 ____D C:\Users\Juli\Desktop\Sonstiges
2015-08-27 20:34 - 2010-07-04 12:45 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 20:34 - 2010-07-04 12:45 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:41 - 2013-07-14 17:03 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Spotify
2015-08-26 18:36 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Juli\AppData\Local\Spotify
2015-08-13 16:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 14:57 - 2009-07-14 06:45 - 00404824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 14:54 - 2015-04-17 09:55 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 14:54 - 2014-05-06 23:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 19:37 - 2014-12-30 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 19:35 - 2014-12-30 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 19:35 - 2014-12-30 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 19:32 - 2009-08-28 06:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 19:23 - 2013-08-15 11:24 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 19:16 - 2011-11-07 16:00 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 16:51 - 2013-01-03 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-12 16:51 - 2011-12-07 13:16 - 00001764 _____ C:\Windows\wininit.ini
2015-08-12 16:43 - 2012-12-30 16:47 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 16:43 - 2012-12-30 16:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 16:43 - 2012-12-30 16:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 15:30 - 2014-11-23 19:19 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieBrowserModeList
2015-08-11 15:30 - 2014-04-29 21:03 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieUserList
2015-08-11 15:30 - 2014-04-29 21:03 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieSiteList
2015-08-09 13:06 - 2013-11-05 00:17 - 00000000 ____D C:\Windows\Minidump
2015-08-07 09:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2009-08-28 06:35 - 2008-06-11 17:12 - 0776614 _____ () C:\Program Files (x86)\Common Files\packardbell.ico
2010-08-10 18:56 - 2015-02-25 14:51 - 0010426 _____ () C:\Users\Juli\AppData\Roaming\wklnhst.dat
2012-02-15 19:09 - 2012-02-15 19:09 - 0003584 _____ () C:\Users\Juli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-25 13:00 - 2015-09-01 15:41 - 0007598 _____ () C:\Users\Juli\AppData\Local\resmon.resmoncfg
2009-08-28 06:36 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Juli\vlc-1.1.0-win32.exe
Einige Dateien in TEMP:
====================
C:\Users\Juli\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
ACHTUNG: ====> ZeroAccess. Benutzen DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2015-09-01 12:13
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-08-2015
durchgeführt von Juli (2015-09-02 18:09:56)
Gestartet von C:\Users\Juli\Downloads
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-316069657-1248085923-330337535-500 - Administrator - Disabled)
Gast (S-1-5-21-316069657-1248085923-330337535-501 - Limited - Disabled)
Juli (S-1-5-21-316069657-1248085923-330337535-1000 - Administrator - Enabled) => C:\Users\Juli
Juni (S-1-5-21-316069657-1248085923-330337535-1001 - Limited - Enabled) => C:\Users\Juni
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABI-TOUR (HKLM-x32\...\abitour) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader 9.4.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.2500 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 - CyberLink Corp.)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Packard Bell)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Metaboli (HKLM-x32\...\Metaboli) (Version: 1.00.0006 - Packard Bell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 de)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5696 - Mozilla)
MRIcro (remove only) (HKLM-x32\...\MRIcro) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{62c03d48-3ad9-437c-a33c-a28d8104884b}) (Version: - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
P2400P Reference Guide (HKLM-x32\...\P2400P Reference Guide) (Version: - )
Packard Bell GameZone Console (HKLM-x32\...\{9242564e-02e9-4ea8-9d2d-351f6f728e1c}_is1) (Version: 5.1.2.3 - Oberon Media, Inc.)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3004 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.4.0730 - Packard Bell Incorporated)
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Packard Bell)
Perfect Effects Free 9 (HKLM-x32\...\Perfect Effects Free 9) (Version: 9.5.0 - on1)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
RasWin (remove only) (HKLM-x32\...\RasWin) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Spotify) (Version: 1.0.12.161.g64b0797c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version: - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 1.1.0 (HKLM-x32\...\VLC media player) (Version: 1.1.0 - VideoLAN)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3005 - Packard Bell)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316069657-1248085923-330337535-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
==================== Wiederherstellungspunkte =========================
31-08-2015 21:41:51 Removed iTunes
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-08-28 09:32 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
Da befinden sich 1000 zusätzliche Einträge.
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0F9AB813-58C7-48E0-918B-56DE9D8D910E} - System32\Tasks\{541777F7-8AF9-48F8-86BA-896606CE5043} => pcalua.exe -a C:\Users\Public\Documents\SimpleWebcamRecorder1.0.exe -d C:\Users\Juli\Desktop
Task: {1BC1371D-AB14-4611-875B-6141A76F56C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {AE8EF2D9-3971-465C-8C0F-22A970F308F3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {B016AAF9-7EC8-4DF0-963A-A78D99E6A82C} - System32\Tasks\{F6379006-F0C0-46E9-891E-B923DBBB8F2A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {B3CE9D9A-6010-44FD-B40C-292D9C729CB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BCC9E9AC-FBC3-4FA0-AF9C-2A82AB8B0137} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D49AD1E9-7360-4FEF-9A6A-4FF30A8F9AAB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {DD2FF97E-D99C-48DD-94C5-8CFB59F59BA8} - System32\Tasks\{BE5CB3E6-6FF6-4249-BACC-2C67F7782A6E} => pcalua.exe -a C:\Users\Juli\Downloads\epson12180.exe -d C:\Users\Juli\Downloads
Task: {E853A914-65CB-4864-A2A2-7A95B3B44178} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FE11C171-AC5C-4885-89F8-B79A2ED7E3F4} - System32\Tasks\{5CB1ACC6-E1FE-48C2-A637-3985D189F1A1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-20 17:52 - 2010-03-28 16:47 - 00246520 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2015-09-02 18:04 - 2015-09-02 18:04 - 00050477 _____ () C:\Users\Juli\Downloads\Defogger.exe
2015-08-28 09:35 - 2015-08-28 13:23 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-01-17 16:19 - 2011-05-29 21:08 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-08-09 13:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-09 13:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-09 13:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7865 mehr eingeschränkte Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-316069657-1248085923-330337535-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv Firewall Dienst läuft nicht.
MpsSvc Firewall Dienst läuft nicht.
bfe Firewall Dienst läuft nicht.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1186
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1186
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/17/2015 07:28:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/17/2015 01:51:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x7d8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Error: (08/04/2015 01:30:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x3b4
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Error: (07/27/2015 02:26:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x8fc
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Error: (07/22/2015 03:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0xcd0
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Error: (07/22/2015 11:05:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0xe48
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Error: (07/21/2015 08:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x4a8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Systemfehler:
=============
Error: (09/01/2015 10:38:46 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error: (08/31/2015 10:26:58 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error: (08/28/2015 09:00:46 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error: (08/28/2015 09:00:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/28/2015 09:00:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (08/27/2015 08:37:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error: (08/27/2015 08:37:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/27/2015 08:37:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (08/26/2015 04:27:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error: (08/26/2015 04:27:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office:
=========================
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1186
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1186
Error: (08/27/2015 03:41:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/17/2015 07:28:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Juli\Downloads\SoftonicDownloader_fuer_endnote.exe
Error: (08/17/2015 01:51:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.1893355a6a196c0000005000000000004ac047d801d0d8e3084deadbC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll4867cb1b-44d6-11e5-9e92-00235a82e795
Error: (08/04/2015 01:30:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada43b401d0cea90247e06cC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll42527104-3a9c-11e5-91b5-00235a82e795
Error: (07/27/2015 02:26:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada48fc01d0c86780092d65C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllbf2b0845-345a-11e5-a224-00235a82e795
Error: (07/22/2015 03:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4cd001d0c4817b227b94C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllb9a18462-3074-11e5-9f8f-00235a82e795
Error: (07/22/2015 11:05:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4e4801d0c45d7c65b8fdC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllbb8f2009-3050-11e5-9f8f-00235a82e795
Error: (07/21/2015 08:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada44a801d0c3e13f2fd187C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll7e834472-2fd4-11e5-8f0f-00235a82e795
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 4093.98 MB
Verfügbarer physikalischer RAM: 2107.13 MB
Summe virtueller Speicher: 8186.16 MB
Verfügbarer virtueller Speicher: 6054.46 MB
==================== Laufwerke ================================
Drive c: (Packard Bell) (Fixed) (Total:97.65 GB) (Free:26.75 GB) NTFS
Drive d: (Daten) (Fixed) (Total:97.65 GB) (Free:26.67 GB) NTFS
Drive e: (Save) (Fixed) (Total:89.01 GB) (Free:20.13 GB) NTFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.36 GB) FAT
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0B68577)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=186.7 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: E45C2B9C)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
==================== Ende von Addition.txt ============================
Die Datei 'C:\Users\Juli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\477f4aa7-109f1395' enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.HLP.CJ' [exploit]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Users\Juli\DOWNLOADS\perfect effects free - chip-installer.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDSettings.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDShell.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDOnAccess.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDPhoneScan.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDQuarantine.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\explorer.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDCleaner.exe' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. Die Datei 'C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. Die Datei 'C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. Die Datei 'C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Program Files (x86)\Google\Update\1.3.28.13\GOOPDATERES_DE.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
|
02.09.2015, 20:52
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit hi,
__________________Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
03.09.2015, 09:49
| #3 |
| | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Hallo Schrauber,
__________________vielen vielen Dank für deine schnelle Antwort! mbar hat tatsächlich 9 (!) Malwares gefunden und sie entfernt. TDSSKiller hat anschließend nichts gefunden. Bin ich die Dinger jetzt los? Was kann ich tun, dass soetwas nicht nocheinmal passiert? Hast du eine Ahnung, was die Malware auf meinem Pc angerichet hat? Alle Passworte habe ich bereits von einem sauberen System aus geändert und mich seitdem nicht mehr mit dem infizierten Rechner eingeloggt. Liebe Grüße Juli TDSSKiller Code:
ATTFilter 10:38:48.0455 0x0bf4 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
10:39:19.0139 0x0bf4 ============================================================
10:39:19.0139 0x0bf4 Current date / time: 2015/09/03 10:39:19.0139
10:39:19.0139 0x0bf4 SystemInfo:
10:39:19.0139 0x0bf4
10:39:19.0139 0x0bf4 OS Version: 6.1.7601 ServicePack: 1.0
10:39:19.0139 0x0bf4 Product type: Workstation
10:39:19.0139 0x0bf4 ComputerName: JULI-PC
10:39:19.0139 0x0bf4 UserName: Juli
10:39:19.0139 0x0bf4 Windows directory: C:\Windows
10:39:19.0140 0x0bf4 System windows directory: C:\Windows
10:39:19.0140 0x0bf4 Running under WOW64
10:39:19.0140 0x0bf4 Processor architecture: Intel x64
10:39:19.0140 0x0bf4 Number of processors: 2
10:39:19.0140 0x0bf4 Page size: 0x1000
10:39:19.0140 0x0bf4 Boot type: Normal boot
10:39:19.0140 0x0bf4 ============================================================
10:39:21.0955 0x0bf4 KLMD registered as C:\Windows\system32\drivers\23267499.sys
10:39:22.0696 0x0bf4 System UUID: {264F9328-3609-473E-A30F-6836C7CCCF1D}
10:39:23.0824 0x0bf4 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:23.0830 0x0bf4 Drive \Device\Harddisk1\DR1 - Size: 0x79B00000 ( 1.90 Gb ), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:39:23.0833 0x0bf4 ============================================================
10:39:23.0833 0x0bf4 \Device\Harddisk0\DR0:
10:39:23.0833 0x0bf4 MBR partitions:
10:39:23.0833 0x0bf4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
10:39:23.0833 0x0bf4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0xC34CB91
10:39:23.0966 0x0bf4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDED73D0, BlocksNum 0xC34F28D
10:39:24.0162 0x0bf4 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1A22669C, BlocksNum 0xB207025
10:39:24.0162 0x0bf4 \Device\Harddisk1\DR1:
10:39:24.0163 0x0bf4 MBR partitions:
10:39:24.0163 0x0bf4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3CD7E0
10:39:24.0163 0x0bf4 ============================================================
10:39:24.0221 0x0bf4 C: <-> \Device\Harddisk0\DR0\Partition2
10:39:24.0261 0x0bf4 D: <-> \Device\Harddisk0\DR0\Partition3
10:39:24.0452 0x0bf4 E: <-> \Device\Harddisk0\DR0\Partition4
10:39:24.0453 0x0bf4 ============================================================
10:39:24.0453 0x0bf4 Initialize success
10:39:24.0453 0x0bf4 ============================================================
10:40:30.0473 0x079c ============================================================
10:40:30.0473 0x079c Scan started
10:40:30.0473 0x079c Mode: Manual; SigCheck; TDLFS;
10:40:30.0473 0x079c ============================================================
10:40:30.0473 0x079c KSN ping started
10:40:34.0248 0x079c KSN ping finished: true
10:40:39.0162 0x079c ================ Scan system memory ========================
10:40:39.0162 0x079c System memory - ok
10:40:39.0162 0x079c ================ Scan services =============================
10:40:39.0537 0x079c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:40:39.0818 0x079c 1394ohci - ok
10:40:39.0942 0x079c [ 6C5461EEB3FFA1B1DCF9A07F8C3B3AFE, B3ECBCA1D8F997495491CC1DAFE05AD022A75B679F91BE156B87C01F83288190 ] 75168101 C:\Windows\system32\DRIVERS\75168101.sys
10:40:39.0989 0x079c 75168101 - ok
10:40:40.0052 0x079c [ 3EC7DFDA521B4FB22CE9F76DF15DB099, EDEA178F46B9EBA8724FD09877D53118E3D886C11BE5FD4AC261F32AEAF1769D ] 75168102 C:\Windows\system32\DRIVERS\75168102.sys
10:40:40.0067 0x079c 75168102 - ok
10:40:40.0208 0x079c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:40:40.0254 0x079c ACPI - ok
10:40:40.0317 0x079c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:40:40.0473 0x079c AcpiPmi - ok
10:40:40.0613 0x079c [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
10:40:40.0660 0x079c acsock - ok
10:40:40.0878 0x079c [ 6D9FC1E7EA3C548F4D3455F0C3FEEF8C, 0CDB4FE838AAE02BAD50F5284E3EEAD53A58366BF2D3B64903B4EE93C8506A98 ] AdobeActiveFileMonitor7.0 c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
10:40:40.0894 0x079c AdobeActiveFileMonitor7.0 - ok
10:40:41.0284 0x079c [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:40:41.0315 0x079c AdobeFlashPlayerUpdateSvc - ok
10:40:41.0409 0x079c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:40:41.0456 0x079c adp94xx - ok
10:40:41.0518 0x079c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:40:41.0549 0x079c adpahci - ok
10:40:41.0580 0x079c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:40:41.0612 0x079c adpu320 - ok
10:40:41.0643 0x079c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:40:41.0955 0x079c AeLookupSvc - ok
10:40:42.0142 0x079c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
10:40:42.0298 0x079c AFD - ok
10:40:42.0407 0x079c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
10:40:42.0423 0x079c agp440 - ok
10:40:42.0454 0x079c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
10:40:42.0563 0x079c ALG - ok
10:40:42.0610 0x079c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
10:40:42.0626 0x079c aliide - ok
10:40:42.0672 0x079c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
10:40:42.0704 0x079c amdide - ok
10:40:42.0797 0x079c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:40:42.0891 0x079c AmdK8 - ok
10:40:42.0922 0x079c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:40:43.0047 0x079c AmdPPM - ok
10:40:43.0265 0x079c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:40:43.0296 0x079c amdsata - ok
10:40:43.0468 0x079c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:40:43.0530 0x079c amdsbs - ok
10:40:43.0640 0x079c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:40:43.0671 0x079c amdxata - ok
10:40:43.0983 0x079c [ 466A0D95960DAD3222C896D2CEA99993, 98B29D5010A1985AA2CFD016C8730AC81BDF1A2BCFF6B2B77ED205A1301F390B ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:40:44.0030 0x079c AntiVirSchedulerService - ok
10:40:44.0217 0x079c [ A489BE6BB0AA1FF406B488B60542314B, 511421991E63EFE11A62B5E3BA564F7BBB8A266F7605E0006B80CDF4F261022E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:40:44.0232 0x079c AntiVirService - ok
10:40:44.0482 0x079c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
10:40:44.0810 0x079c AppID - ok
10:40:44.0888 0x079c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:40:44.0997 0x079c AppIDSvc - ok
10:40:45.0200 0x079c [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
10:40:45.0324 0x079c Appinfo - ok
10:40:45.0543 0x079c [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:40:45.0558 0x079c Apple Mobile Device Service - ok
10:40:45.0652 0x079c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:40:45.0668 0x079c arc - ok
10:40:45.0714 0x079c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:40:45.0730 0x079c arcsas - ok
10:40:45.0902 0x079c [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:40:45.0980 0x079c aspnet_state - ok
10:40:46.0026 0x079c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:46.0182 0x079c AsyncMac - ok
10:40:46.0229 0x079c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
10:40:46.0245 0x079c atapi - ok
10:40:46.0557 0x079c [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
10:40:46.0947 0x079c atikmdag - ok
10:40:47.0134 0x079c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:40:47.0228 0x079c AudioEndpointBuilder - ok
10:40:47.0259 0x079c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:40:47.0290 0x079c AudioSrv - ok
10:40:47.0337 0x079c [ 26E38B5A58C6C55FAFBC563EEDDB0867, 8830E097F43AA87E9A9AC8F9EB3EBB4ED668B0F7C99D69405844E03CDC25E817 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:40:47.0352 0x079c avgntflt - ok
10:40:47.0430 0x079c [ 9D1F00BEFF84CBBF46D7F052BC7E0565, 3EBF9755AF50AC32890628AEA36C3D6AABA2C35A0A5D9908E7CD01F0420E78BB ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:40:47.0462 0x079c avipbb - ok
10:40:47.0477 0x079c [ 248DB59FC86DE44D2779F4C7FB1A567D, BE1D2A5A94ECDE11749B2E5DEBFEAB26C26666BE402CC8A8E5633A0075D6F265 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:40:47.0493 0x079c avkmgr - ok
10:40:47.0586 0x079c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:40:47.0836 0x079c AxInstSV - ok
10:40:47.0945 0x079c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:40:48.0086 0x079c b06bdrv - ok
10:40:48.0164 0x079c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:40:48.0257 0x079c b57nd60a - ok
10:40:48.0335 0x079c [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
10:40:48.0476 0x079c BCM43XX - ok
10:40:48.0632 0x079c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
10:40:48.0694 0x079c BDESVC - ok
10:40:48.0772 0x079c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
10:40:48.0834 0x079c Beep - ok
10:40:49.0178 0x079c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
10:40:49.0334 0x079c BFE - ok
10:40:49.0458 0x079c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
10:40:49.0833 0x079c BITS - ok
10:40:49.0880 0x079c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:49.0926 0x079c blbdrive - ok
10:40:50.0020 0x079c [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:40:50.0051 0x079c Bonjour Service - ok
10:40:50.0098 0x079c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:40:50.0254 0x079c bowser - ok
10:40:50.0348 0x079c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:40:50.0410 0x079c BrFiltLo - ok
10:40:50.0441 0x079c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:40:50.0675 0x079c BrFiltUp - ok
10:40:50.0816 0x079c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
10:40:50.0940 0x079c Browser - ok
10:40:51.0018 0x079c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:40:51.0159 0x079c Brserid - ok
10:40:51.0190 0x079c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:51.0237 0x079c BrSerWdm - ok
10:40:51.0284 0x079c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:51.0393 0x079c BrUsbMdm - ok
10:40:51.0424 0x079c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:51.0440 0x079c BrUsbSer - ok
10:40:51.0486 0x079c [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
10:40:51.0596 0x079c BthAvrcp - ok
10:40:51.0689 0x079c [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:40:51.0798 0x079c BthEnum - ok
10:40:51.0830 0x079c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:40:52.0064 0x079c BTHMODEM - ok
10:40:52.0110 0x079c [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:40:52.0204 0x079c BthPan - ok
10:40:52.0376 0x079c [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:40:52.0532 0x079c BTHPORT - ok
10:40:52.0578 0x079c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
10:40:52.0688 0x079c bthserv - ok
10:40:52.0828 0x079c [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:40:52.0875 0x079c BTHUSB - ok
10:40:53.0000 0x079c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:40:53.0093 0x079c cdfs - ok
10:40:53.0343 0x079c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:40:53.0405 0x079c cdrom - ok
10:40:53.0468 0x079c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
10:40:53.0577 0x079c CertPropSvc - ok
10:40:53.0624 0x079c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:40:53.0717 0x079c circlass - ok
10:40:53.0873 0x079c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
10:40:53.0920 0x079c CLFS - ok
10:40:54.0029 0x079c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:54.0045 0x079c clr_optimization_v2.0.50727_32 - ok
10:40:54.0185 0x079c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:40:54.0216 0x079c clr_optimization_v2.0.50727_64 - ok
10:40:54.0435 0x079c [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:54.0669 0x079c clr_optimization_v4.0.30319_32 - ok
10:40:54.0794 0x079c [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:40:55.0137 0x079c clr_optimization_v4.0.30319_64 - ok
10:40:55.0199 0x079c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:40:55.0246 0x079c CmBatt - ok
10:40:55.0324 0x079c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:40:55.0355 0x079c cmdide - ok
10:40:55.0496 0x079c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
10:40:55.0558 0x079c CNG - ok
10:40:55.0667 0x079c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:40:55.0683 0x079c Compbatt - ok
10:40:55.0792 0x079c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:40:55.0870 0x079c CompositeBus - ok
10:40:55.0901 0x079c COMSysApp - ok
10:40:56.0010 0x079c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:40:56.0042 0x079c crcdisk - ok
10:40:56.0182 0x079c [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:40:56.0322 0x079c CryptSvc - ok
10:40:56.0432 0x079c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:40:56.0728 0x079c DcomLaunch - ok
10:40:56.0822 0x079c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
10:40:56.0978 0x079c defragsvc - ok
10:40:57.0134 0x079c [ 8423DB42808E94847EC4E53EFDA6BEE2, 96B84E62F7B5165935C2D4988B8C97E1FAF08734D35FFC4882A1980CA3F39B6D ] de_cleaner_kasperskydrv C:\Windows\system32\DRIVERS\7516810.sys
10:40:57.0196 0x079c de_cleaner_kasperskydrv - ok
10:40:57.0414 0x079c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:40:57.0539 0x079c DfsC - ok
10:40:57.0773 0x079c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:40:57.0867 0x079c Dhcp - ok
10:40:58.0194 0x079c [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll
10:40:58.0506 0x079c DiagTrack - ok
10:40:58.0584 0x079c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
10:40:58.0740 0x079c discache - ok
10:40:58.0818 0x079c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:40:58.0834 0x079c Disk - ok
10:40:59.0052 0x079c [ D5BCB77BE83CF99F508943945D46343D, 00C5624CE970A05075A19168643BF6E8FA60C764333ECEC088D7FFCA10547833 ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
10:40:59.0068 0x079c DKbFltr - ok
10:40:59.0271 0x079c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:40:59.0333 0x079c Dnscache - ok
10:40:59.0520 0x079c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
10:40:59.0614 0x079c dot3svc - ok
10:41:00.0222 0x079c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
10:41:00.0410 0x079c DPS - ok
10:41:00.0456 0x079c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:41:00.0612 0x079c drmkaud - ok
10:41:00.0737 0x079c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:41:00.0800 0x079c DXGKrnl - ok
10:41:00.0878 0x079c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
10:41:01.0112 0x079c EapHost - ok
10:41:01.0268 0x079c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:41:01.0642 0x079c ebdrv - ok
10:41:01.0767 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS C:\Windows\System32\lsass.exe
10:41:01.0985 0x079c EFS - ok
10:41:02.0172 0x079c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:41:02.0313 0x079c ehRecvr - ok
10:41:02.0672 0x079c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
10:41:03.0233 0x079c ehSched - ok
10:41:03.0358 0x079c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:41:03.0420 0x079c elxstor - ok
10:41:03.0561 0x079c [ 7C35C6865957289D9EFE6CC73F4AB2E1, 2A57CC80CA39A6664DC271F0F159C649CB3EBA210DA4AFE20A7B6EF939ACDE8F ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
10:41:03.0608 0x079c ePowerSvc - ok
10:41:03.0654 0x079c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:41:03.0826 0x079c ErrDev - ok
10:41:03.0888 0x079c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
10:41:03.0966 0x079c EventSystem - ok
10:41:04.0013 0x079c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
10:41:04.0107 0x079c exfat - ok
10:41:04.0138 0x079c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:41:04.0372 0x079c fastfat - ok
10:41:04.0622 0x079c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
10:41:04.0762 0x079c Fax - ok
10:41:04.0824 0x079c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:41:04.0902 0x079c fdc - ok
10:41:04.0949 0x079c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
10:41:05.0043 0x079c fdPHost - ok
10:41:05.0090 0x079c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
10:41:05.0152 0x079c FDResPub - ok
10:41:05.0230 0x079c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:41:05.0246 0x079c FileInfo - ok
10:41:05.0261 0x079c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:41:05.0339 0x079c Filetrace - ok
10:41:05.0573 0x079c [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:41:05.0682 0x079c FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
10:41:08.0537 0x079c Detect skipped due to KSN trusted
10:41:08.0537 0x079c FLEXnet Licensing Service - ok
10:41:08.0584 0x079c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:41:08.0631 0x079c flpydisk - ok
10:41:08.0709 0x079c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:41:08.0787 0x079c FltMgr - ok
10:41:08.0974 0x079c [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll
10:41:09.0192 0x079c FontCache - ok
10:41:09.0411 0x079c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:41:09.0442 0x079c FontCache3.0.0.0 - ok
10:41:09.0489 0x079c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:41:09.0504 0x079c FsDepends - ok
10:41:09.0567 0x079c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:41:09.0598 0x079c Fs_Rec - ok
10:41:09.0754 0x079c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:41:09.0785 0x079c fvevol - ok
10:41:09.0879 0x079c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:41:09.0910 0x079c gagp30kx - ok
10:41:10.0066 0x079c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
10:41:10.0191 0x079c gpsvc - ok
10:41:10.0300 0x079c [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
10:41:10.0347 0x079c Greg_Service - ok
10:41:10.0690 0x079c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:41:10.0721 0x079c gupdate - ok
10:41:10.0955 0x079c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:41:10.0986 0x079c gupdatem - ok
10:41:11.0033 0x079c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:41:11.0142 0x079c hcw85cir - ok
10:41:11.0330 0x079c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:41:11.0454 0x079c HdAudAddService - ok
10:41:11.0626 0x079c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:41:11.0735 0x079c HDAudBus - ok
10:41:11.0798 0x079c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:41:11.0860 0x079c HidBatt - ok
10:41:11.0969 0x079c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:41:12.0047 0x079c HidBth - ok
10:41:12.0063 0x079c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:41:12.0110 0x079c HidIr - ok
10:41:12.0156 0x079c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
10:41:12.0297 0x079c hidserv - ok
10:41:12.0422 0x079c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:41:12.0501 0x079c HidUsb - ok
10:41:12.0610 0x079c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:41:12.0703 0x079c hkmsvc - ok
10:41:12.0781 0x079c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:41:12.0937 0x079c HomeGroupListener - ok
10:41:12.0984 0x079c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:41:13.0093 0x079c HomeGroupProvider - ok
10:41:13.0187 0x079c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:41:13.0203 0x079c HpSAMD - ok
10:41:13.0359 0x079c [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:41:13.0483 0x079c HsfXAudioService - ok
10:41:13.0577 0x079c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:41:13.0780 0x079c HTTP - ok
10:41:13.0905 0x079c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:41:13.0936 0x079c hwpolicy - ok
10:41:13.0998 0x079c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:41:14.0029 0x079c i8042prt - ok
10:41:14.0232 0x079c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:41:14.0295 0x079c iaStorV - ok
10:41:14.0451 0x079c [ 86B750CC384F3A8B8C1D12F3188307AE, 222B271B1E958715FF54B63B4533FA24DF13191B99D1A406BF2E9A532E31FF30 ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
10:41:14.0482 0x079c ICQ Service - ok
10:41:14.0794 0x079c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:41:14.0856 0x079c idsvc - ok
10:41:14.0950 0x079c IEEtwCollectorService - ok
10:41:15.0012 0x079c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:41:15.0043 0x079c iirsp - ok
10:41:15.0153 0x079c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
10:41:15.0277 0x079c IKEEXT - ok
10:41:15.0449 0x079c [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:41:15.0574 0x079c IntcAzAudAddService - ok
10:41:15.0621 0x079c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
10:41:15.0636 0x079c intelide - ok
10:41:15.0714 0x079c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:41:15.0777 0x079c intelppm - ok
10:41:15.0839 0x079c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:41:15.0901 0x079c IPBusEnum - ok
10:41:15.0948 0x079c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:41:16.0042 0x079c IpFilterDriver - ok
10:41:16.0323 0x079c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:41:16.0463 0x079c iphlpsvc - ok
10:41:16.0542 0x079c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:41:16.0620 0x079c IPMIDRV - ok
10:41:16.0682 0x079c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:41:16.0760 0x079c IPNAT - ok
10:41:16.0792 0x079c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:41:16.0916 0x079c IRENUM - ok
10:41:16.0948 0x079c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:41:16.0963 0x079c isapnp - ok
10:41:17.0166 0x079c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:41:17.0228 0x079c iScsiPrt - ok
10:41:17.0353 0x079c [ 08DD34F74D65E1C8F238565570952630, CD58D4A05AE191A60FC4A1D6D11EF86885A600F42607BFD57895F8611A1F7A23 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
10:41:17.0416 0x079c k57nd60a - ok
10:41:17.0525 0x079c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:41:17.0556 0x079c kbdclass - ok
10:41:17.0696 0x079c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:41:17.0759 0x079c kbdhid - ok
10:41:17.0774 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso C:\Windows\system32\lsass.exe
10:41:17.0790 0x079c KeyIso - ok
10:41:17.0821 0x079c [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:41:17.0837 0x079c KSecDD - ok
10:41:17.0899 0x079c [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:41:17.0930 0x079c KSecPkg - ok
10:41:17.0977 0x079c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:41:18.0055 0x079c ksthunk - ok
10:41:18.0133 0x079c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
10:41:18.0196 0x079c KtmRm - ok
10:41:18.0305 0x079c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:41:18.0445 0x079c LanmanServer - ok
10:41:18.0742 0x079c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:41:18.0835 0x079c LanmanWorkstation - ok
10:41:18.0898 0x079c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:41:18.0976 0x079c lltdio - ok
10:41:19.0069 0x079c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:41:19.0241 0x079c lltdsvc - ok
10:41:19.0272 0x079c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:41:19.0319 0x079c lmhosts - ok
10:41:19.0397 0x079c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:41:19.0412 0x079c LSI_FC - ok
10:41:19.0522 0x079c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:41:19.0537 0x079c LSI_SAS - ok
10:41:19.0568 0x079c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:41:19.0584 0x079c LSI_SAS2 - ok
10:41:19.0615 0x079c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:41:19.0631 0x079c LSI_SCSI - ok
10:41:19.0646 0x079c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
10:41:19.0709 0x079c luafv - ok
10:41:19.0802 0x079c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:41:19.0849 0x079c Mcx2Svc - ok
10:41:19.0896 0x079c [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:41:19.0943 0x079c mdmxsdk - ok
10:41:19.0974 0x079c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:41:19.0990 0x079c megasas - ok
10:41:20.0036 0x079c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:41:20.0068 0x079c MegaSR - ok
10:41:20.0114 0x079c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
10:41:20.0177 0x079c MMCSS - ok
10:41:20.0208 0x079c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
10:41:20.0255 0x079c Modem - ok
10:41:20.0333 0x079c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:41:20.0348 0x079c monitor - ok
10:41:20.0426 0x079c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:41:20.0458 0x079c mouclass - ok
10:41:20.0504 0x079c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:41:20.0551 0x079c mouhid - ok
10:41:20.0598 0x079c [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:41:20.0614 0x079c mountmgr - ok
10:41:20.0754 0x079c [ D3CD756874E04B311C5341E1AECD12DF, BCEE21019B4750511CABA7D50DE8DB3BCA97FC41006E0347F7E2CC2EE3F1D4D9 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:41:20.0785 0x079c MozillaMaintenance - ok
10:41:20.0848 0x079c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
10:41:20.0879 0x079c mpio - ok
10:41:20.0910 0x079c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:41:20.0988 0x079c mpsdrv - ok
10:41:21.0222 0x079c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:41:21.0316 0x079c MpsSvc - ok
10:41:21.0394 0x079c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:41:21.0487 0x079c MRxDAV - ok
10:41:21.0550 0x079c [ B2081803D510DCE174992BA880EDCA70, 37DB53C9756EC03EB7165DEB58251615D70B7C86DF32A54DE25ADAF30A04D792 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:21.0799 0x079c mrxsmb - ok
10:41:21.0908 0x079c [ 552FA62B0EFECD22D8D52499324BCA4F, C3A02C9C30C36928AC7B1025496544967187A05BEF5D100B54F2C0155E47145C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:21.0971 0x079c mrxsmb10 - ok
10:41:22.0049 0x079c [ 97687971F9CB30E2633DE0F1296B9F61, 865DA87523E4C32D65D55D5475A5CDDFA10699780DA500E6D606384FB3BEB1BE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:41:22.0127 0x079c mrxsmb20 - ok
10:41:22.0189 0x079c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
10:41:22.0205 0x079c msahci - ok
10:41:22.0236 0x079c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:41:22.0252 0x079c msdsm - ok
10:41:22.0267 0x079c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
10:41:22.0330 0x079c MSDTC - ok
10:41:22.0392 0x079c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:41:22.0501 0x079c Msfs - ok
10:41:22.0564 0x079c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:41:22.0642 0x079c mshidkmdf - ok
10:41:22.0688 0x079c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:41:22.0704 0x079c msisadrv - ok
10:41:22.0766 0x079c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:41:22.0860 0x079c MSiSCSI - ok
10:41:22.0860 0x079c msiserver - ok
10:41:22.0954 0x079c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:41:23.0063 0x079c MSKSSRV - ok
10:41:23.0094 0x079c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:41:23.0141 0x079c MSPCLOCK - ok
10:41:23.0172 0x079c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:41:23.0312 0x079c MSPQM - ok
10:41:23.0390 0x079c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:41:23.0437 0x079c MsRPC - ok
10:41:23.0531 0x079c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:41:23.0546 0x079c mssmbios - ok
10:41:23.0609 0x079c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:41:23.0671 0x079c MSTEE - ok
10:41:23.0734 0x079c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:41:23.0749 0x079c MTConfig - ok
10:41:23.0780 0x079c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
10:41:23.0796 0x079c Mup - ok
10:41:23.0890 0x079c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
10:41:23.0968 0x079c napagent - ok
10:41:24.0124 0x079c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:41:24.0248 0x079c NativeWifiP - ok
10:41:24.0436 0x079c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
10:41:24.0482 0x079c NDIS - ok
10:41:24.0529 0x079c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:41:24.0670 0x079c NdisCap - ok
10:41:24.0857 0x079c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:41:24.0904 0x079c NdisTapi - ok
10:41:24.0966 0x079c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:41:25.0028 0x079c Ndisuio - ok
10:41:25.0091 0x079c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:41:25.0200 0x079c NdisWan - ok
10:41:25.0262 0x079c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:41:25.0387 0x079c NDProxy - ok
10:41:25.0528 0x079c [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:41:25.0621 0x079c Nero BackItUp Scheduler 4.0 - ok
10:41:25.0684 0x079c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:41:25.0730 0x079c NetBIOS - ok
10:41:25.0808 0x079c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:41:25.0902 0x079c NetBT - ok
10:41:25.0918 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] Netlogon C:\Windows\system32\lsass.exe
10:41:25.0949 0x079c Netlogon - ok
10:41:26.0027 0x079c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
10:41:26.0105 0x079c Netman - ok
10:41:26.0198 0x079c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:26.0245 0x079c NetMsmqActivator - ok
10:41:26.0276 0x079c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:26.0292 0x079c NetPipeActivator - ok
10:41:26.0354 0x079c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
10:41:26.0448 0x079c netprofm - ok
10:41:26.0479 0x079c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:26.0510 0x079c NetTcpActivator - ok
10:41:26.0526 0x079c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:26.0542 0x079c NetTcpPortSharing - ok
10:41:26.0885 0x079c [ 705283C02177809CA9FA7CC58A4F1E77, EA723588AA706F3D1E6007B300119AF6A99D1E4FB6B454751F48519191DE26E5 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
10:41:27.0228 0x079c NETw5v64 - ok
10:41:27.0275 0x079c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:41:27.0290 0x079c nfrd960 - ok
10:41:27.0400 0x079c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
10:41:27.0509 0x079c NlaSvc - ok
10:41:27.0556 0x079c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:41:27.0602 0x079c Npfs - ok
10:41:27.0649 0x079c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
10:41:27.0727 0x079c nsi - ok
10:41:27.0758 0x079c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:41:27.0821 0x079c nsiproxy - ok
10:41:27.0946 0x079c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:41:28.0039 0x079c Ntfs - ok
10:41:28.0117 0x079c [ 70E3EB0CEF795D348F05E5A9B115F491, F62FF02A34416E027BDE57DD54C436CE29CB83758B9DAB24BD6E042BB6A335B8 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
10:41:28.0133 0x079c NTI IScheduleSvc - ok
10:41:28.0304 0x079c [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
10:41:28.0320 0x079c NTIDrvr - ok
10:41:28.0320 0x079c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
10:41:28.0414 0x079c Null - ok
10:41:28.0492 0x079c [ 6E41A4DF26340A07A489B721F9721EC1, C4CF1F9A9B51897FA91113FE41C214D7869D8C3053E8C6C5CC1A8BF3D3452EF0 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
10:41:28.0507 0x079c NVHDA - ok
10:41:29.0053 0x079c [ 24F526274353FF7BB93D99D238E582DA, 050FBD95BC1073EF366577133DF47C77088F5B935E08EE33C2A31F1AD4D41202 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:41:29.0584 0x079c nvlddmkm - ok
10:41:29.0833 0x079c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:41:29.0849 0x079c nvraid - ok
10:41:29.0896 0x079c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:41:29.0927 0x079c nvstor - ok
10:41:29.0974 0x079c [ AAD3B6F3E5B9FE1D29BF627904F6120F, 24EE5A642E1C2D3AF3F1A95F634564DED32BAE5EA97DBAC3F9D0CF97DFA9B94B ] nvsvc C:\Windows\system32\nvvsvc.exe
10:41:29.0989 0x079c nvsvc - ok
10:41:30.0317 0x079c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:41:30.0332 0x079c nv_agp - ok
10:41:30.0364 0x079c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:41:30.0395 0x079c ohci1394 - ok
10:41:30.0535 0x079c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:41:30.0613 0x079c ose - ok
10:41:31.0393 0x079c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:41:31.0534 0x079c osppsvc - ok
10:41:31.0627 0x079c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:41:31.0830 0x079c p2pimsvc - ok
10:41:31.0892 0x079c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
10:41:32.0002 0x079c p2psvc - ok
10:41:32.0064 0x079c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:41:32.0158 0x079c Parport - ok
10:41:32.0204 0x079c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:41:32.0236 0x079c partmgr - ok
10:41:32.0392 0x079c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:41:32.0626 0x079c PcaSvc - ok
10:41:32.0688 0x079c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
10:41:32.0719 0x079c pci - ok
10:41:32.0750 0x079c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
10:41:32.0782 0x079c pciide - ok
10:41:32.0844 0x079c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:32.0860 0x079c pcmcia - ok
10:41:32.0922 0x079c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
10:41:32.0953 0x079c pcw - ok
10:41:33.0031 0x079c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:41:33.0109 0x079c PEAUTH - ok
10:41:33.0187 0x079c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:41:33.0218 0x079c PerfHost - ok
10:41:33.0328 0x079c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
10:41:33.0452 0x079c pla - ok
10:41:33.0530 0x079c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:41:33.0608 0x079c PlugPlay - ok
10:41:33.0796 0x079c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:41:33.0874 0x079c PNRPAutoReg - ok
10:41:33.0905 0x079c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:41:33.0936 0x079c PNRPsvc - ok
10:41:33.0998 0x079c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:41:34.0123 0x079c PolicyAgent - ok
10:41:34.0154 0x079c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
10:41:34.0232 0x079c Power - ok
10:41:34.0264 0x079c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:41:34.0310 0x079c PptpMiniport - ok
10:41:34.0357 0x079c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:41:34.0466 0x079c Processor - ok
10:41:34.0591 0x079c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
10:41:34.0888 0x079c ProfSvc - ok
10:41:34.0919 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:41:34.0934 0x079c ProtectedStorage - ok
10:41:34.0997 0x079c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:41:35.0044 0x079c Psched - ok
10:41:35.0090 0x079c [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:41:35.0122 0x079c PxHlpa64 - ok
10:41:35.0262 0x079c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:41:35.0356 0x079c ql2300 - ok
10:41:35.0402 0x079c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:41:35.0434 0x079c ql40xx - ok
10:41:35.0480 0x079c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
10:41:35.0512 0x079c QWAVE - ok
10:41:35.0558 0x079c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:41:35.0621 0x079c QWAVEdrv - ok
10:41:35.0636 0x079c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:41:35.0714 0x079c RasAcd - ok
10:41:35.0792 0x079c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:35.0839 0x079c RasAgileVpn - ok
10:41:35.0886 0x079c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
10:41:36.0011 0x079c RasAuto - ok
10:41:36.0104 0x079c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:36.0182 0x079c Rasl2tp - ok
10:41:36.0292 0x079c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
10:41:36.0416 0x079c RasMan - ok
10:41:36.0510 0x079c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:36.0588 0x079c RasPppoe - ok
10:41:36.0697 0x079c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:41:36.0853 0x079c RasSstp - ok
10:41:36.0931 0x079c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:41:37.0040 0x079c rdbss - ok
10:41:37.0072 0x079c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:37.0087 0x079c rdpbus - ok
10:41:37.0118 0x079c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:37.0228 0x079c RDPCDD - ok
10:41:37.0274 0x079c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:41:37.0384 0x079c RDPENCDD - ok
10:41:37.0415 0x079c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:41:37.0446 0x079c RDPREFMP - ok
10:41:37.0508 0x079c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:41:37.0649 0x079c RDPWD - ok
10:41:37.0742 0x079c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:41:37.0789 0x079c rdyboost - ok
10:41:37.0883 0x079c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:41:37.0961 0x079c RemoteAccess - ok
10:41:37.0992 0x079c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:41:38.0132 0x079c RemoteRegistry - ok
10:41:38.0242 0x079c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:41:38.0273 0x079c RFCOMM - ok
10:41:38.0366 0x079c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:41:38.0429 0x079c RpcEptMapper - ok
10:41:38.0507 0x079c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
10:41:38.0569 0x079c RpcLocator - ok
10:41:38.0741 0x079c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
10:41:38.0803 0x079c RpcSs - ok
10:41:38.0912 0x079c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:41:39.0006 0x079c rspndr - ok
10:41:39.0256 0x079c [ FB39AF63D6617F028BA0EBC21B83360D, 0D306DD9C3F64E4CE01F98883C0C1AE945280FD9D2A0E68ACC75273187F77C5E ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
10:41:39.0396 0x079c RSUSBSTOR - ok
10:41:39.0490 0x079c [ 7421A35C45484B95E83B5E9E107CEFC2, 128BB6A7552B9D57284056FB8946A6FE3C620F7B706F709F896828304A6FCD77 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:41:39.0521 0x079c RTHDMIAzAudService - ok
10:41:39.0552 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] SamSs C:\Windows\system32\lsass.exe
10:41:39.0583 0x079c SamSs - ok
10:41:39.0646 0x079c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:41:39.0677 0x079c sbp2port - ok
10:41:39.0708 0x079c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:41:39.0786 0x079c SCardSvr - ok
10:41:39.0848 0x079c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:41:39.0989 0x079c scfilter - ok
10:41:40.0114 0x079c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
10:41:40.0238 0x079c Schedule - ok
10:41:40.0332 0x079c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:41:40.0394 0x079c SCPolicySvc - ok
10:41:40.0441 0x079c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:41:40.0628 0x079c SDRSVC - ok
10:41:40.0847 0x079c [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:41:40.0909 0x079c SDUpdateService - ok
10:41:40.0940 0x079c [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:41:40.0956 0x079c SDWSCService - ok
10:41:41.0034 0x079c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:41:41.0159 0x079c secdrv - ok
10:41:41.0190 0x079c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
10:41:41.0315 0x079c seclogon - ok
10:41:41.0346 0x079c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
10:41:41.0424 0x079c SENS - ok
10:41:41.0518 0x079c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:41:41.0611 0x079c SensrSvc - ok
10:41:41.0674 0x079c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:41:41.0752 0x079c Serenum - ok
10:41:41.0814 0x079c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:41:41.0861 0x079c Serial - ok
10:41:41.0876 0x079c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:41:41.0908 0x079c sermouse - ok
10:41:42.0017 0x079c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
10:41:42.0079 0x079c SessionEnv - ok
10:41:42.0126 0x079c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:41:42.0204 0x079c sffdisk - ok
10:41:42.0220 0x079c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:41:42.0235 0x079c sffp_mmc - ok
10:41:42.0251 0x079c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:41:42.0282 0x079c sffp_sd - ok
10:41:42.0344 0x079c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:41:42.0376 0x079c sfloppy - ok
10:41:42.0500 0x079c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:41:42.0625 0x079c SharedAccess - ok
10:41:42.0750 0x079c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:41:42.0906 0x079c ShellHWDetection - ok
10:41:42.0984 0x079c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:41:43.0000 0x079c SiSRaid2 - ok
10:41:43.0124 0x079c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:41:43.0156 0x079c SiSRaid4 - ok
10:41:43.0312 0x079c [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:41:43.0390 0x079c SkypeUpdate - ok
10:41:43.0405 0x079c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:41:43.0452 0x079c Smb - ok
10:41:43.0530 0x079c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:41:43.0608 0x079c SNMPTRAP - ok
10:41:43.0639 0x079c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
10:41:43.0655 0x079c spldr - ok
10:41:43.0702 0x079c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
10:41:43.0873 0x079c Spooler - ok
10:41:44.0170 0x079c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
10:41:44.0591 0x079c sppsvc - ok
10:41:44.0653 0x079c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:41:44.0731 0x079c sppuinotify - ok
10:41:44.0778 0x079c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:41:44.0965 0x079c srv - ok
10:41:45.0059 0x079c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:41:45.0277 0x079c srv2 - ok
10:41:45.0340 0x079c [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:41:45.0386 0x079c SrvHsfHDA - ok
10:41:45.0527 0x079c [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:41:45.0667 0x079c SrvHsfV92 - ok
10:41:45.0776 0x079c [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:41:45.0839 0x079c SrvHsfWinac - ok
10:41:45.0901 0x079c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:41:45.0979 0x079c srvnet - ok
10:41:46.0057 0x079c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:41:46.0151 0x079c SSDPSRV - ok
10:41:46.0166 0x079c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:41:46.0213 0x079c SstpSvc - ok
10:41:46.0244 0x079c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:41:46.0260 0x079c stexstor - ok
10:41:46.0478 0x079c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
10:41:46.0572 0x079c stisvc - ok
10:41:46.0650 0x079c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
10:41:46.0681 0x079c swenum - ok
10:41:46.0728 0x079c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
10:41:46.0822 0x079c swprv - ok
10:41:46.0884 0x079c [ BCF305959B53B200CEB2AD25AD22F8A7, 74F71313A87C1FDDE2B373EA8D30346D47669CAA7CCE83AB6F8452C268F65787 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:41:46.0900 0x079c SynTP - ok
10:41:47.0040 0x079c [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
10:41:47.0212 0x079c SysMain - ok
10:41:47.0336 0x079c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:41:47.0461 0x079c TabletInputService - ok
10:41:47.0555 0x079c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
10:41:47.0664 0x079c TapiSrv - ok
10:41:47.0726 0x079c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
10:41:47.0820 0x079c TBS - ok
10:41:48.0038 0x079c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:41:48.0148 0x079c Tcpip - ok
10:41:48.0241 0x079c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:41:48.0366 0x079c TCPIP6 - ok
10:41:48.0428 0x079c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:41:48.0553 0x079c tcpipreg - ok
10:41:48.0647 0x079c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:41:48.0756 0x079c TDPIPE - ok
10:41:48.0818 0x079c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:41:48.0912 0x079c TDTCP - ok
10:41:48.0990 0x079c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:41:49.0068 0x079c tdx - ok
10:41:49.0240 0x079c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
10:41:49.0271 0x079c TermDD - ok
10:41:49.0364 0x079c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
10:41:49.0489 0x079c TermService - ok
10:41:49.0598 0x079c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
10:41:49.0692 0x079c Themes - ok
10:41:49.0817 0x079c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
10:41:49.0910 0x079c THREADORDER - ok
10:41:49.0957 0x079c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
10:41:50.0035 0x079c TrkWks - ok
10:41:50.0207 0x079c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:41:50.0332 0x079c TrustedInstaller - ok
10:41:50.0394 0x079c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:50.0410 0x079c tssecsrv - ok
10:41:50.0534 0x079c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:41:50.0597 0x079c TsUsbFlt - ok
10:41:50.0690 0x079c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:41:50.0768 0x079c tunnel - ok
10:41:50.0815 0x079c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:41:50.0831 0x079c uagp35 - ok
10:41:50.0862 0x079c [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
10:41:50.0878 0x079c UBHelper - ok
10:41:51.0065 0x079c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:41:51.0158 0x079c udfs - ok
10:41:51.0268 0x079c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:41:51.0314 0x079c UI0Detect - ok
10:41:51.0392 0x079c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:41:51.0424 0x079c uliagpkx - ok
10:41:51.0502 0x079c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
10:41:51.0564 0x079c umbus - ok
10:41:51.0642 0x079c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:41:51.0689 0x079c UmPass - ok
10:41:51.0798 0x079c [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
10:41:51.0829 0x079c Updater Service - ok
10:41:51.0892 0x079c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
10:41:51.0938 0x079c upnphost - ok
10:41:52.0016 0x079c [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:41:52.0110 0x079c USBAAPL64 - ok
10:41:52.0235 0x079c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:52.0328 0x079c usbccgp - ok
10:41:52.0438 0x079c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:41:52.0516 0x079c usbcir - ok
10:41:52.0578 0x079c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:41:52.0609 0x079c usbehci - ok
10:41:52.0718 0x079c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:41:52.0874 0x079c usbhub - ok
10:41:52.0906 0x079c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:41:52.0921 0x079c usbohci - ok
10:41:52.0999 0x079c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:41:53.0140 0x079c usbprint - ok
10:41:53.0171 0x079c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:41:53.0264 0x079c usbscan - ok
10:41:53.0296 0x079c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:41:53.0467 0x079c USBSTOR - ok
10:41:53.0530 0x079c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:41:53.0639 0x079c usbuhci - ok
10:41:53.0717 0x079c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:41:53.0779 0x079c usbvideo - ok
10:41:53.0810 0x079c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
10:41:53.0888 0x079c UxSms - ok
10:41:53.0920 0x079c [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc C:\Windows\system32\lsass.exe
10:41:53.0935 0x079c VaultSvc - ok
10:41:53.0966 0x079c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:41:53.0998 0x079c vdrvroot - ok
10:41:54.0076 0x079c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
10:41:54.0216 0x079c vds - ok
10:41:54.0278 0x079c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:54.0310 0x079c vga - ok
10:41:54.0388 0x079c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:41:54.0481 0x079c VgaSave - ok
10:41:54.0544 0x079c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:41:54.0575 0x079c vhdmp - ok
10:41:54.0606 0x079c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
10:41:54.0622 0x079c viaide - ok
10:41:54.0653 0x079c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:41:54.0668 0x079c volmgr - ok
10:41:54.0762 0x079c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:41:54.0840 0x079c volmgrx - ok
10:41:55.0074 0x079c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:41:55.0105 0x079c volsnap - ok
10:41:55.0464 0x079c [ 4F4125C8E7FB75FED141316E0DFEBE4F, B8F9C2BB192358AAF630A1AC1563E61C584CBF00C25089A0BBD933E3DB1AB8E1 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:41:55.0495 0x079c vpnagent - ok
10:41:55.0573 0x079c [ 13E6D95E7AC67ABB7A1196557EF8849F, E1305FA88B27C4950A0A4EB9C5F64B1C5A32F1A887CEE712DBBE6E7E2FDC7116 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
10:41:55.0589 0x079c vpnva - ok
10:41:55.0776 0x079c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:41:55.0807 0x079c vsmraid - ok
10:41:55.0963 0x079c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
10:41:56.0088 0x079c VSS - ok
10:41:56.0166 0x079c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:41:56.0228 0x079c vwifibus - ok
10:41:56.0260 0x079c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:41:56.0306 0x079c vwififlt - ok
10:41:56.0384 0x079c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
10:41:56.0447 0x079c W32Time - ok
10:41:56.0525 0x079c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:41:56.0540 0x079c WacomPen - ok
10:41:56.0618 0x079c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:41:56.0665 0x079c WANARP - ok
10:41:56.0681 0x079c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:41:56.0728 0x079c Wanarpv6 - ok
10:41:56.0946 0x079c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
10:41:57.0086 0x079c wbengine - ok
10:41:57.0149 0x079c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:41:57.0211 0x079c WbioSrvc - ok
10:41:57.0258 0x079c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:41:57.0305 0x079c wcncsvc - ok
10:41:57.0336 0x079c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:41:57.0398 0x079c WcsPlugInService - ok
10:41:57.0492 0x079c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:41:57.0508 0x079c Wd - ok
10:41:57.0617 0x079c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:41:57.0679 0x079c Wdf01000 - ok
10:41:57.0773 0x079c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:41:57.0835 0x079c WdiServiceHost - ok
10:41:57.0851 0x079c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:41:57.0866 0x079c WdiSystemHost - ok
10:41:57.0913 0x079c [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
10:41:57.0991 0x079c WebClient - ok
10:41:58.0022 0x079c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:41:58.0100 0x079c Wecsvc - ok
10:41:58.0132 0x079c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:41:58.0194 0x079c wercplsupport - ok
10:41:58.0288 0x079c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
10:41:58.0334 0x079c WerSvc - ok
10:41:58.0397 0x079c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:58.0444 0x079c WfpLwf - ok
10:41:58.0490 0x079c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:41:58.0506 0x079c WIMMount - ok
10:41:58.0600 0x079c WinDefend - ok
10:41:58.0631 0x079c WinHttpAutoProxySvc - ok
10:41:58.0724 0x079c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:41:58.0787 0x079c Winmgmt - ok
10:41:58.0927 0x079c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
10:41:59.0208 0x079c WinRM - ok
10:41:59.0395 0x079c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:41:59.0489 0x079c WinUsb - ok
10:41:59.0536 0x079c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:41:59.0770 0x079c Wlansvc - ok
10:41:59.0879 0x079c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:42:00.0004 0x079c WmiAcpi - ok
10:42:00.0050 0x079c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:42:00.0144 0x079c wmiApSrv - ok
10:42:00.0238 0x079c WMPNetworkSvc - ok
10:42:00.0300 0x079c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:42:00.0472 0x079c WPCSvc - ok
10:42:00.0550 0x079c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:42:00.0628 0x079c WPDBusEnum - ok
10:42:00.0768 0x079c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:42:00.0815 0x079c ws2ifsl - ok
10:42:01.0158 0x079c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
10:42:01.0189 0x079c wscsvc - ok
10:42:01.0205 0x079c WSearch - ok
10:42:01.0345 0x079c [ 499034D7F1F6AF49F9EE12F8822793CB, 55D591C4861AF66C6B9201BF78808B2ECE7B79D95C6BB07FF0ED87EFE63DD99E ] wuauserv C:\Windows\system32\wuaueng.dll
10:42:01.0626 0x079c wuauserv - ok
10:42:01.0688 0x079c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:42:01.0922 0x079c WudfPf - ok
10:42:01.0985 0x079c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:02.0266 0x079c WUDFRd - ok
10:42:02.0344 0x079c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:42:02.0422 0x079c wudfsvc - ok
10:42:02.0546 0x079c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
10:42:02.0640 0x079c WwanSvc - ok
10:42:02.0702 0x079c [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
10:42:02.0921 0x079c XAudio - ok
10:42:03.0139 0x079c [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
10:42:03.0170 0x079c {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
10:42:03.0186 0x079c ================ Scan global ===============================
10:42:03.0311 0x079c [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
10:42:03.0451 0x079c [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
10:42:03.0545 0x079c [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
10:42:03.0670 0x079c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:42:03.0748 0x079c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
10:42:03.0857 0x079c [ Global ] - ok
10:42:03.0857 0x079c ================ Scan MBR ==================================
10:42:03.0888 0x079c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:42:06.0446 0x079c \Device\Harddisk0\DR0 - ok
10:42:06.0446 0x079c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:42:06.0836 0x079c \Device\Harddisk1\DR1 - ok
10:42:06.0836 0x079c ================ Scan VBR ==================================
10:42:06.0852 0x079c [ 079879B8503BB267BDEBEE98A248E0A0 ] \Device\Harddisk0\DR0\Partition1
10:42:06.0946 0x079c \Device\Harddisk0\DR0\Partition1 - ok
10:42:06.0977 0x079c [ 7D4FEA96BE11920B629A853F0BFB21BC ] \Device\Harddisk0\DR0\Partition2
10:42:06.0977 0x079c \Device\Harddisk0\DR0\Partition2 - ok
10:42:07.0024 0x079c [ 2B045A3C7BE58396E9277921471FE436 ] \Device\Harddisk0\DR0\Partition3
10:42:07.0429 0x079c \Device\Harddisk0\DR0\Partition3 - ok
10:42:07.0461 0x079c [ C17084998509C0F1993197D1E605A7A2 ] \Device\Harddisk0\DR0\Partition4
10:42:07.0507 0x079c \Device\Harddisk0\DR0\Partition4 - ok
10:42:07.0523 0x079c [ 476705CC50541DDDED766CE1CB66C4D1 ] \Device\Harddisk1\DR1\Partition1
10:42:07.0523 0x079c \Device\Harddisk1\DR1\Partition1 - ok
10:42:07.0523 0x079c ================ Scan generic autorun ======================
10:42:07.0897 0x079c [ 910AFE116ADE17C93E892C38452075F9, E9CBFCF0549CACAC9B40BB67454548F996F1856AAF568D751015A3158F47043A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:42:08.0100 0x079c RtHDVCpl - ok
10:42:08.0256 0x079c [ 0C4F4CFFA3A613D175BB25728514C0C4, 6CE71BF4CDD6F954AABDACD716A7716D28E737D328C88AE53C5501D8BD5191F6 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
10:42:08.0303 0x079c Acer ePower Management - ok
10:42:08.0303 0x079c NvCplDaemon - ok
10:42:08.0303 0x079c SynTPEnh - ok
10:42:08.0459 0x079c [ 20E044420B9A2263E990A2C2DF0983F3, CE306F307ED163FA3E7E2B24678EFB5A17BF7AE66DADDB858340B92C30EB2577 ] C:\Program Files (x86)\Launch Manager\LManager.exe
10:42:08.0506 0x079c LManager - ok
10:42:08.0615 0x079c [ 5AEA1DB5490429EEB0989A0CE2A52D5E, E854757921398BFDE6F2E1F4359CBDFCEEE36B645F435D4D039DF73669E488BF ] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
10:42:08.0631 0x079c BackupManagerTray - ok
10:42:08.0662 0x079c [ 28FD28A29C637C9AFEFE0A26E27C6DFE, A490ADCD7BC9863B6E8773CADFDE6CA58A0743CD64C39D14AF380B18ABDEC003 ] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
10:42:08.0677 0x079c RemoteControl8 - ok
10:42:08.0755 0x079c [ F8270CFD51F9D6BF42140FA4071C83FE, B7AAF6B13C01CB6B94DEABBDD40249A6D298DD4BCBE2921D8E332F88ED3B754A ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe
10:42:08.0771 0x079c PDVD8LanguageShortcut - ok
10:42:08.0802 0x079c [ 7202962FCA773830828910E5E9C8B797, 7662618CB14C3DBA8599764A74BA96B267A7A31247978C5258DA150753C3747F ] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
10:42:08.0818 0x079c BDRegion - ok
10:42:08.0958 0x079c [ 12673BCF7B32087DF63F0CFF550EA40B, 5985A7902B39BD08B6F0BD96AF5A98D466E4E54CDDA69CCB56767FA5C78085D1 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
10:42:08.0974 0x079c Adobe Reader Speed Launcher - ok
10:42:09.0099 0x079c [ BAD6BEA0DE1F69C82BDB74378CE0C20A, ADA84B75173E9D03C180B527E31475ACA16CB19532C3EDA11357BD37049927E3 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:42:09.0177 0x079c Adobe ARM - ok
10:42:09.0208 0x079c [ 93DB1FF92B03D24738A71E6E4992DFD3, 56951284A1BBF201806A1A5610D6316DA33FC92A4E7DA5A989FD7C7FE2F7672C ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
10:42:09.0239 0x079c SunJavaUpdateSched - ok
10:42:09.0442 0x079c NavRegReminder - ok
10:42:09.0551 0x079c [ 76A3A30B58405C2C6D833895253A51A9, 9EC13191F3938E0E63A5594687A7D93E0C5A77FB54BCFEBD3855719EA62262F8 ] C:\Program Files (x86)\QuickTime\qttask.exe
10:42:09.0598 0x079c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
10:42:12.0593 0x079c Detect skipped due to KSN trusted
10:42:12.0593 0x079c QuickTime Task - ok
10:42:12.0983 0x079c [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
10:42:13.0108 0x079c SDTray - ok
10:42:13.0295 0x079c [ 07761DE4451878A20690B5BDD3934123, D8C0FD64B592660AF4994E701E77F16B4DBC9034E2D2EC7A8BA817DF4AE1192E ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
10:42:13.0326 0x079c avgnt - ok
10:42:13.0435 0x079c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:42:13.0623 0x079c Sidebar - ok
10:42:13.0701 0x079c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:42:13.0732 0x079c mctadmin - ok
10:42:13.0810 0x079c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:42:13.0857 0x079c Sidebar - ok
10:42:13.0888 0x079c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:42:13.0903 0x079c mctadmin - ok
10:42:14.0278 0x079c [ EB3FC00CB2703FDA6081B4ED33C943F0, 256D8083ED18F80C9871FC1B4E146E33692989F673F5FE45A9C648BB66218991 ] C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe
10:42:14.0356 0x079c Spotify Web Helper - ok
10:42:14.0387 0x079c swg - ok
10:42:14.0387 0x079c Waiting for KSN requests completion. In queue: 17
10:42:15.0401 0x079c Waiting for KSN requests completion. In queue: 17
10:42:16.0415 0x079c Waiting for KSN requests completion. In queue: 17
10:42:17.0429 0x079c Waiting for KSN requests completion. In queue: 17
10:42:18.0677 0x079c AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 12.3.0.15 ), 0x41000 ( enabled : updated )
10:42:18.0864 0x079c Win FW state via NFP2: enabled ( trusted )
10:42:21.0657 0x079c ============================================================
10:42:21.0657 0x079c Scan finished
10:42:21.0657 0x079c ============================================================
10:42:21.0657 0x1268 Detected object count: 0
10:42:21.0657 0x1268 Actual detected object count: 0
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org
Database version:
main: v2015.09.03.02
rootkit: v2015.08.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17959
Juli :: JULI-PC [administrator]
03.09.2015 08:59:54
mbar-log-2015-09-03 (08-59-54).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 412707
Time elapsed: 35 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f\n.) Good: (fastprox.dll) -> Replace on reboot. [0e708c9feba0b383478776e7b055b14f]
Folders Detected: 6
C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f\U (Trojan.Siredef.C) -> Delete on reboot. [1965fc2fbbd05adc6fb8a859cb35c838]
C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f\U (Trojan.Siredef.C) -> Delete on reboot. [38465bd0e3a8d46275b25da47d83da26]
C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f\L (Trojan.Siredef.C) -> Delete on reboot. [7c023bf00c7f6ec8b376e21f649cfd03]
C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f\L (Trojan.Siredef.C) -> Delete on reboot. [136bcc5fdcaff73fde4b4ab7df21ae52]
C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f (Trojan.Siredef.C) -> Delete on reboot. [df9f49e22665e650ac7ecc35b050b947]
C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f (Trojan.Siredef.C) -> Delete on reboot. [522c31fa7a11d16543e7837ed52b5da3]
Files Detected: 2
C:\$Recycle.Bin\S-1-5-18\$a27aeda80de6706d5c57228b2534e92f\@ (Trojan.Siredef.C) -> Delete on reboot. [6717b6753d4e979f160e0df4f50b0ff1]
C:\$Recycle.Bin\S-1-5-21-316069657-1248085923-330337535-1000\$a27aeda80de6706d5c57228b2534e92f\@ (Trojan.Siredef.C) -> Delete on reboot. [f48a9b900a81ed49091bb849a957af51]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org
Database version:
main: v2015.09.03.02
rootkit: v2015.08.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17959
Juli :: JULI-PC [administrator]
03.09.2015 09:47:14
mbar-log-2015-09-03 (09-47-14).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 411061
Time elapsed: 37 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
03.09.2015, 18:23
| #4 |
| /// the machine /// TB-Ausbilder | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.09.2015, 21:18
| #5 |
| | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Hi, hier der Logfile von Combofix Code:
ATTFilter ComboFix 15-09-03.01 - Juli 03.09.2015 21:34:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.1822 [GMT 2:00]
ausgeführt von:: c:\users\Juli\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\users\Juli\AppData\Roaming\RasWin
c:\users\Juli\AppData\Roaming\RasWin\RasWin.flg
c:\users\Juli\vlc-1.1.0-win32.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-08-03 bis 2015-09-03 ))))))))))))))))))))))))))))))
.
.
2015-09-03 19:43 . 2015-09-03 19:43 -------- d-----w- c:\users\Juni\AppData\Local\temp
2015-09-03 19:43 . 2015-09-03 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-03 13:31 . 2015-08-20 02:18 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6474CB54-90EA-43D1-8DA4-A786E64B5CA2}\mpengine.dll
2015-09-03 13:29 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2015-09-03 13:29 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2015-09-03 13:29 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2015-09-03 13:29 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2015-09-03 13:29 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2015-09-03 13:29 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2015-09-03 13:29 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2015-09-03 06:59 . 2015-09-03 06:59 -------- d-----w- c:\programdata\Malwarebytes
2015-09-03 06:59 . 2015-09-03 19:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-09-03 06:59 . 2015-09-03 07:46 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-03 06:55 . 2015-09-03 07:43 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-02 16:08 . 2015-09-02 16:11 -------- d-----w- C:\FRST
2015-08-28 07:36 . 2015-08-28 07:36 -------- d-----w- c:\users\Juli\AppData\Roaming\Avira
2015-08-28 07:35 . 2015-08-28 11:23 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-28 07:35 . 2015-08-28 11:23 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-08-28 07:35 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-08-28 07:35 . 2015-08-28 07:35 -------- d-----w- c:\programdata\Avira
2015-08-28 07:35 . 2015-08-28 07:35 -------- d-----w- c:\program files (x86)\Avira
2015-08-20 19:45 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-20 19:45 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 19:45 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-20 13:52 . 2015-08-20 13:52 -------- d-----w- C:\usr
2015-08-12 17:37 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 17:37 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:40 . 2015-08-12 16:40 -------- d-----w- c:\users\Juli\AppData\Local\CEF
2015-08-12 12:25 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-12 12:25 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-12 12:25 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-12 12:25 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-12 12:25 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-12 12:25 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-12 12:25 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-12 12:25 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-12 12:25 . 2015-07-15 18:15 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 12:25 . 2015-07-15 18:12 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 12:25 . 2015-07-15 18:10 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-08-12 12:25 . 2015-07-15 17:59 3934656 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-08-12 12:23 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 12:22 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 11:14 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-08-09 11:14 . 2015-08-09 11:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-08-09 11:14 . 2015-08-28 07:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-08-06 15:16 . 2015-08-06 15:16 -------- d-----w- c:\users\Juli\AppData\Local\Apple Computer
2015-08-06 15:16 . 2015-08-31 19:38 -------- d-----w- c:\users\Juli\AppData\Roaming\Apple Computer
2015-08-06 15:16 . 2015-08-06 15:16 -------- d-----w- c:\programdata\Apple Computer
2015-08-06 15:14 . 2015-08-06 15:14 -------- d-----w- c:\users\Juli\AppData\Local\Apple
2015-08-06 15:14 . 2015-08-06 15:14 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-08-06 15:14 . 2015-08-06 15:14 -------- d-----w- c:\program files\Bonjour
2015-08-06 15:14 . 2015-08-06 15:14 -------- d-----w- c:\program files (x86)\Bonjour
2015-08-06 15:14 . 2015-08-06 15:16 -------- d-----w- c:\program files\Common Files\Apple
2015-08-06 15:13 . 2015-08-06 15:14 -------- d-----w- c:\programdata\Apple
2015-08-06 15:13 . 2015-08-06 15:14 -------- d-----w- c:\program files (x86)\Common Files\Apple
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 17:16 . 2011-11-07 14:00 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 14:43 . 2012-12-30 14:47 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 14:43 . 2012-12-30 14:47 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 17:54 . 2015-08-12 12:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 11:59 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 11:59 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-23 11:30 . 2010-06-20 15:55 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 12:00 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 12:00 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 11:59 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 11:59 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 11:59 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 11:59 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 11:59 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 11:59 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 11:59 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 11:59 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 11:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 11:59 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 11:59 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 11:59 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-10 21:08 . 2015-06-10 21:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2015-06-10 21:08 . 2015-06-10 21:08 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-08-25 2018360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-07-07 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2014-12-12 98304]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-28 348664]
.
c:\users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
de_cleaner_kaspersky.lnk - c:\users\Juli\Desktop\Sonstiges\verschiedenes\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\startup.exe "c:\users\Juli\Desktop\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\de_cleaner_kaspersky.exe" -gui -bl [2011-6-6 72208]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 75168102;75168102 Boot Guard Driver;c:\windows\system32\DRIVERS\75168102.sys;c:\windows\SYSNATIVE\DRIVERS\75168102.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 75168101;75168101;c:\windows\system32\DRIVERS\75168101.sys;c:\windows\SYSNATIVE\DRIVERS\75168101.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 de_cleaner_kasperskydrv;de_cleaner_kasperskydrv;c:\windows\system32\DRIVERS\7516810.sys;c:\windows\SYSNATIVE\DRIVERS\7516810.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/06/20 17:05];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 14:43]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 18:34]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Juli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-06 828960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\
FF - ExtSQL: !HIDDEN! 2014-10-01 19:34; cliqz@cliqz.com; c:\users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\extensions\cliqz@cliqz.com
.
.
------- Dateityp-Verknüpfung -------
.
.scr=RasWin.Script
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NavRegReminder - c:\windows\temp\NavBrowser.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-abitour - f:\abitour\Uninstal.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Perfect Effects Free 9 - c:\windows\sysnative\wscript.exe
AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\extensions\cliqz@cliqz.com\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-09-03 21:47:45
ComboFix-quarantined-files.txt 2015-09-03 19:47
.
Vor Suchlauf: 16 Verzeichnis(se), 29.050.040.320 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 28.821.041.152 Bytes frei
.
- - End Of File - - 6EBC0BAFCD06DF2AA183CDD0438E9CD6
A36C5E4F47E84449FF07ED3517B43A31
|
|
04.09.2015, 17:47
| #6 |
| /// the machine /// TB-Ausbilder | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit |
|
06.09.2015, 11:33
| #7 |
| | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Hi, hier die Logfiles: MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 05.09.2015 Suchlaufzeit: 12:16 Protokolldatei: mbamlog.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.09.05.03 Rootkit-Datenbank: v2015.08.16.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Juli Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 424197 Abgelaufene Zeit: 24 Min., 58 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.005 - Bericht erstellt am 05/09/2015 um 13:06:53
# Aktualisiert am 31/08/2015 von Xplode
# Datenbank : 2015-09-04.4 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Juli - JULI-PC
# Gestartet von : C:\Users\Juli\Downloads\AdwCleaner_5.005(1).exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst Gelöscht : 75168101
[-] Dienst Gelöscht : 75168102
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\ProgramData\Partner
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\ICQ\ICQToolbar
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Softonic
[!] Daten Nicht Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[!] Daten Nicht Wiederhergestellt : HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search]
***** [ Internetbrowser ] *****
*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2073 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by Juli on 05.09.2015 at 19:48:20,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Juli\AppData\Roaming\mozilla\firefox\profiles\be74m3z6.default\minidumps [1199 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2015 at 19:54:46,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015 durchgeführt von Juli (Administrator) auf JULI-PC (06-09-2015 12:23:12) Gestartet von C:\Users\Juli\Downloads Geladene Profile: Juli (Verfügbare Profile: Juli & Juni) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Spotify Ltd) C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-07-07] (cyberlink) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2014-12-12] (Apple Computer, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2015-08-28] (Avira Operations GmbH & Co. KG) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Run: [Spotify Web Helper] => C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-25] (Spotify Ltd) Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\de_cleaner_kaspersky.lnk [2011-06-06] ShortcutTarget: de_cleaner_kaspersky.lnk -> C:\Users\Juli\Desktop\Sonstiges\verschiedenes\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\startup.exe () Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-05-29] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: [NameServer] 192.168.178.1 Tcpip\..\Interfaces\{EDEDC91C-66CE-4780-8FCD-F6E838488141}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> Standard = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384 SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384 BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated) BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-29] (Sun Microsystems, Inc.) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-29] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-12-12] (Apple Computer, Inc.) FF SearchPlugin: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\searchplugins\duckduckgo.xml [2014-07-22] FF Extension: Ghostery - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\firefox@ghostery.com.xpi [2013-10-15] FF Extension: Adblock Plus - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-04] FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-12] FF HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\extensions\cliqz@cliqz.com ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2015-08-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2015-08-28] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-06] (Acer Incorporated) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-20] (Macrovision Europe Ltd.) [Datei ist nicht signiert] R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2015-08-28] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2015-08-28] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) R1 de_cleaner_kasperskydrv; C:\Windows\System32\DRIVERS\7516810.sys [352784 2009-10-09] (Kaspersky Lab) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-07-07] (CyberLink Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-06 11:42 - 2015-09-06 11:59 - 00000000 ____D C:\Users\Juli\Desktop\Neuer Ordner 2015-09-06 11:17 - 2015-09-06 11:17 - 00000000 ___RD C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2015-09-05 20:23 - 2015-09-05 20:23 - 00000841 _____ C:\Users\Juli\Desktop\JRT2.txt 2015-09-05 19:54 - 2015-09-05 19:54 - 00000841 _____ C:\Users\Juli\Desktop\JRT.txt 2015-09-05 19:47 - 2015-09-05 19:47 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600(2).exe 2015-09-05 19:46 - 2015-09-05 19:46 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600(1).exe 2015-09-05 13:16 - 2015-09-06 11:54 - 00000000 ____D C:\Users\Juli\Desktop\Pferdis, 03.09.15 2015-09-05 13:13 - 2015-09-05 13:13 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600.exe 2015-09-05 13:12 - 2015-09-05 13:12 - 00002164 _____ C:\Users\Juli\Desktop\AdwCleaner[C1].txt 2015-09-05 13:05 - 2015-09-05 13:05 - 01654272 _____ C:\Users\Juli\Downloads\AdwCleaner_5.005(1).exe 2015-09-05 13:02 - 2015-09-05 13:06 - 00000000 ____D C:\AdwCleaner 2015-09-05 13:00 - 2015-09-05 13:00 - 01654272 _____ C:\Users\Juli\Downloads\AdwCleaner_5.005.exe 2015-09-05 12:13 - 2015-09-05 12:13 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-05 12:13 - 2015-09-05 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-05 12:13 - 2015-09-05 12:13 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-05 12:13 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-05 12:13 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-05 12:11 - 2015-09-05 12:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Juli\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-03 23:16 - 2015-09-03 23:16 - 00026467 _____ C:\Users\Juli\Desktop\combofix.txt 2015-09-03 21:47 - 2015-09-03 21:47 - 00026467 _____ C:\ComboFix.txt 2015-09-03 21:31 - 2015-09-03 21:47 - 00000000 ____D C:\Qoobox 2015-09-03 21:31 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-03 21:31 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-03 21:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-03 21:30 - 2015-09-03 21:45 - 00000000 ____D C:\Windows\erdnt 2015-09-03 21:27 - 2015-09-03 21:28 - 05635231 ____R (Swearware) C:\Users\Juli\Downloads\ComboFix.exe 2015-09-03 10:38 - 2015-09-03 10:38 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Juli\Downloads\tdsskiller.exe 2015-09-03 08:59 - 2015-09-06 12:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-03 08:59 - 2015-09-05 12:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-03 08:59 - 2015-09-05 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-03 08:55 - 2015-09-03 10:34 - 00000000 ____D C:\Users\Juli\Desktop\mbar 2015-09-03 08:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-03 08:50 - 2015-09-03 08:51 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Juli\Desktop\mbar-1.09.2.1008.exe 2015-09-02 22:45 - 2015-09-02 22:45 - 586310020 _____ C:\Windows\MEMORY.DMP 2015-09-02 22:45 - 2015-09-02 22:45 - 00471832 _____ C:\Windows\Minidump\090215-21044-01.dmp 2015-09-02 18:22 - 2015-09-02 18:22 - 00005772 _____ C:\Users\Juli\Downloads\GMER.txt 2015-09-02 18:14 - 2015-09-02 18:14 - 00058536 _____ C:\Users\Juli\Desktop\FRST.txt 2015-09-02 18:14 - 2015-09-02 18:14 - 00037908 _____ C:\Users\Juli\Desktop\Addition.txt 2015-09-02 18:13 - 2015-09-02 18:13 - 00380416 _____ C:\Users\Juli\Downloads\Gmer-19357.exe 2015-09-02 18:09 - 2015-09-02 18:11 - 00037908 _____ C:\Users\Juli\Downloads\Addition.txt 2015-09-02 18:08 - 2015-09-06 12:23 - 00018259 _____ C:\Users\Juli\Downloads\FRST.txt 2015-09-02 18:08 - 2015-09-06 12:23 - 00000000 ____D C:\FRST 2015-09-02 18:07 - 2015-09-02 18:08 - 02188800 _____ (Farbar) C:\Users\Juli\Downloads\FRST64.exe 2015-09-02 18:06 - 2015-09-02 18:06 - 00000470 _____ C:\Users\Juli\Downloads\defogger_disable.log 2015-09-02 18:06 - 2015-09-02 18:06 - 00000000 _____ C:\Users\Juli\defogger_reenable 2015-09-02 18:04 - 2015-09-02 18:04 - 00050477 _____ C:\Users\Juli\Downloads\Defogger.exe 2015-09-02 17:18 - 2015-09-02 17:19 - 00000000 ____D C:\Users\Juli\Desktop\PraktikumPflanze1 2015-08-31 22:47 - 2015-08-31 22:50 - 155835672 _____ (Apple Inc.) C:\Users\Juli\Downloads\iTunes6464Setup(1).exe 2015-08-28 09:36 - 2015-08-28 09:36 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Avira 2015-08-28 09:35 - 2015-08-28 13:23 - 00132832 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys 2015-08-28 09:35 - 2015-08-28 13:23 - 00098848 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-28 09:35 - 2015-08-28 09:35 - 00002078 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Avira 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\Program Files (x86)\Avira 2015-08-28 09:35 - 2011-10-11 15:00 - 00027760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avkmgr.sys 2015-08-28 09:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150828-093233.backup 2015-08-26 10:56 - 2015-08-26 10:56 - 00002984 _____ C:\Users\Juli\Downloads\Wandervorschläge.html 2015-08-20 21:45 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 21:45 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 21:45 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-20 21:45 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-20 15:52 - 2015-08-20 15:52 - 00000000 ____D C:\usr 2015-08-13 14:54 - 2015-09-05 13:09 - 00099108 _____ C:\Windows\PFRO.log 2015-08-12 19:37 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 19:37 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 18:40 - 2015-08-12 18:40 - 00000000 ____D C:\Users\Juli\AppData\Local\CEF 2015-08-12 16:11 - 2015-08-12 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-12 14:25 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 14:25 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 14:25 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 14:25 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 14:25 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 14:25 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 14:25 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 14:25 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 14:25 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 14:25 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 14:25 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-08-12 14:25 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-12 14:24 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 14:24 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-12 14:24 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 14:24 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 14:24 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 14:24 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 14:24 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 14:24 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 14:24 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 14:24 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 14:24 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 14:24 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 14:24 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 14:24 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 14:24 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 14:24 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 14:24 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 14:24 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 14:24 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 14:24 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 14:24 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 14:24 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 14:24 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-12 14:24 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 14:24 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-12 14:24 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-12 14:24 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-08-12 14:24 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-08-12 14:24 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-12 14:24 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-12 14:24 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-12 14:24 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-12 14:24 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-12 14:24 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-08-12 14:24 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-08-12 14:24 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 14:24 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 14:24 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 14:24 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 14:24 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 14:24 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-12 14:24 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-08-12 14:24 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-12 14:24 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-12 14:24 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-12 14:24 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-12 14:24 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 14:24 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-12 14:24 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-12 14:24 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-12 14:24 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-08-12 14:24 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 14:24 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-12 14:24 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-12 14:24 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-12 14:24 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-08-12 14:24 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 14:24 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 14:24 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 14:24 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-08-12 14:24 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-08-12 14:24 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-08-12 14:24 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 14:24 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 14:24 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-12 14:24 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 14:24 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-08-12 14:24 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 14:24 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-08-12 14:24 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 14:24 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 14:24 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-12 14:24 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-12 14:24 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-12 14:24 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-12 14:24 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-12 14:24 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-12 14:24 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-12 14:24 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-12 14:24 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-12 14:24 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-12 14:24 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-12 14:24 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-12 14:24 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-08-12 14:24 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-12 14:24 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-12 14:24 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-12 14:24 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 14:24 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 14:24 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 14:24 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-12 14:24 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-12 14:24 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-12 14:24 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 14:24 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 14:24 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-12 14:24 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 14:24 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-12 14:24 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-12 14:24 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 14:23 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 14:23 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-12 14:23 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-12 14:23 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-08-12 14:23 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-12 14:23 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-08-12 14:23 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-08-12 14:23 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 14:23 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 14:23 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 14:23 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 14:23 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 14:23 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 14:23 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-12 14:23 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-12 14:23 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-12 14:23 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-12 14:23 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-12 14:23 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 14:23 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 14:23 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 14:23 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 14:23 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-12 14:23 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-12 14:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-12 14:23 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-08-12 14:23 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 14:23 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-12 14:23 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 14:23 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 14:23 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-12 14:23 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 14:23 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 14:23 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-12 14:23 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-12 14:22 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-09 22:42 - 2015-09-06 11:08 - 00004225 _____ C:\Windows\setupact.log 2015-08-09 22:42 - 2015-08-09 22:42 - 00000000 _____ C:\Windows\setuperr.log 2015-08-09 13:14 - 2015-08-28 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-08-09 13:14 - 2015-08-28 09:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-08-09 13:14 - 2015-08-09 13:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-08-09 13:14 - 2015-08-09 13:14 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-08-09 13:14 - 2015-08-09 13:14 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-08-09 13:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-08-09 13:08 - 2015-08-09 13:08 - 01199392 _____ C:\Users\Juli\Downloads\SpyBot Search Destroy - CHIP-Installer.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-06 11:42 - 2012-12-30 16:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-06 11:39 - 2010-07-04 12:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-06 11:23 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-06 11:23 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-06 11:17 - 2010-07-04 12:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-06 11:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-05 20:23 - 2010-06-20 16:31 - 01154409 _____ C:\Windows\WindowsUpdate.log 2015-09-05 19:50 - 2010-06-20 16:44 - 00000000 ____D C:\Users\Juli 2015-09-05 13:19 - 2010-06-21 02:18 - 00699682 _____ C:\Windows\system32\perfh007.dat 2015-09-05 13:19 - 2010-06-21 02:18 - 00149790 _____ C:\Windows\system32\perfc007.dat 2015-09-05 13:19 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-05 12:43 - 2012-10-25 19:50 - 00000000 ____D C:\Windows\PCHEALTH 2015-09-05 12:43 - 2010-06-20 17:52 - 00000000 ____D C:\ProgramData\ICQ 2015-09-03 21:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-09-03 21:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-09-03 21:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2015-09-03 21:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-09-03 09:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors 2015-09-02 22:45 - 2013-11-05 00:17 - 00000000 ____D C:\Windows\Minidump 2015-09-01 15:41 - 2011-06-25 13:00 - 00007598 _____ C:\Users\Juli\AppData\Local\resmon.resmoncfg 2015-08-31 21:38 - 2015-08-06 17:16 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Apple Computer 2015-08-31 13:04 - 2014-08-31 18:36 - 00000000 ____D C:\Users\Juli\Desktop\Sonstiges 2015-08-27 20:34 - 2010-07-04 12:45 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-27 20:34 - 2010-07-04 12:45 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 18:41 - 2013-07-14 17:03 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Spotify 2015-08-26 18:36 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Juli\AppData\Local\Spotify 2015-08-13 16:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-08-13 14:57 - 2009-07-14 06:45 - 00404824 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-13 14:54 - 2015-04-17 09:55 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-13 14:54 - 2014-05-06 23:22 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 19:37 - 2014-12-30 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-12 19:35 - 2014-12-30 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-12 19:35 - 2014-12-30 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-12 19:32 - 2009-08-28 06:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 19:23 - 2013-08-15 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 19:16 - 2011-11-07 16:00 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-12 16:51 - 2013-01-03 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-12 16:51 - 2011-12-07 13:16 - 00001764 _____ C:\Windows\wininit.ini 2015-08-12 16:43 - 2012-12-30 16:47 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-12 16:43 - 2012-12-30 16:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-12 16:43 - 2012-12-30 16:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-11 15:30 - 2014-11-23 19:19 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieBrowserModeList 2015-08-11 15:30 - 2014-04-29 21:03 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieUserList 2015-08-11 15:30 - 2014-04-29 21:03 - 00000000 __SHD C:\Users\Juli\AppData\Local\EmieSiteList 2015-08-07 09:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2010-08-10 18:56 - 2015-02-25 14:51 - 0010426 _____ () C:\Users\Juli\AppData\Roaming\wklnhst.dat 2012-02-15 19:09 - 2012-02-15 19:09 - 0003584 _____ () C:\Users\Juli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-06-25 13:00 - 2015-09-01 15:41 - 0007598 _____ () C:\Users\Juli\AppData\Local\resmon.resmoncfg 2009-08-28 06:36 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: ==================== C:\Users\Juli\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-01 12:13 ==================== Ende von FRST.txt ============================ |
|
07.09.2015, 07:27
| #8 |
| /// the machine /// TB-Ausbilder | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 BitESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.09.2015, 15:10
| #9 |
| | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Hi, hat etwas gedauert, weil ich die ESET Textdatei nach dem Durchlauf nie gefunden habe. Ich hoffe das passt jetzt alles soweit? Probleme habe ich keine mehr. Auf alle Fälle schonmal ein herzliches Dankeschön für schnelle und kompetente Hilfe!! Liebe Grüße ESET Code:
ATTFilter C:\Users\Juli\Downloads\7 Zip 32 Bit - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\Juli\Downloads\Perfect Effects Free - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\Juli\Downloads\SpyBot Search Destroy - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 1.008 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java(TM) 6 Update 22 Java version 32-bit out of Date! Adobe Flash Player 18.0.0.232 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (40.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 durchgeführt von Juli (Administrator) auf JULI-PC (13-09-2015 16:02:08) Gestartet von C:\Users\Juli\Downloads Geladene Profile: Juli (Verfügbare Profile: Juli & Juni) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Spotify Ltd) C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-07-07] (cyberlink) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2014-12-12] (Apple Computer, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2015-08-28] (Avira Operations GmbH & Co. KG) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Run: [Spotify Web Helper] => C:\Users\Juli\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-25] (Spotify Ltd) Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\de_cleaner_kaspersky.lnk [2011-06-06] ShortcutTarget: de_cleaner_kaspersky.lnk -> C:\Users\Juli\Desktop\Sonstiges\verschiedenes\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\startup.exe () Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-05-29] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: [NameServer] 192.168.178.1 Tcpip\..\Interfaces\{EDEDC91C-66CE-4780-8FCD-F6E838488141}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-316069657-1248085923-330337535-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> Standard = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384 SearchScopes: HKU\S-1-5-21-316069657-1248085923-330337535-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE384 BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated) BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-29] (Sun Microsystems, Inc.) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-29] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-12-12] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-12-12] (Apple Computer, Inc.) FF SearchPlugin: C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\searchplugins\duckduckgo.xml [2014-07-22] FF Extension: Ghostery - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\firefox@ghostery.com.xpi [2013-10-15] FF Extension: Adblock Plus - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-04] FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-13] FF HKU\S-1-5-21-316069657-1248085923-330337535-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Juli\AppData\Roaming\Mozilla\Firefox\Profiles\be74m3z6.default\extensions\cliqz@cliqz.com ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2015-08-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2015-08-28] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-06] (Acer Incorporated) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-20] (Macrovision Europe Ltd.) [Datei ist nicht signiert] R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2015-08-28] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2015-08-28] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) R1 de_cleaner_kasperskydrv; C:\Windows\System32\DRIVERS\7516810.sys [352784 2009-10-09] (Kaspersky Lab) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-07-07] (CyberLink Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-13 16:02 - 2015-09-13 16:02 - 00000000 ____D C:\Users\Juli\Downloads\FRST-OlderVersion 2015-09-13 16:01 - 2015-09-13 16:01 - 00000786 _____ C:\Users\Juli\Downloads\ESET.txt 2015-09-13 13:54 - 2015-09-13 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-13 13:40 - 2015-09-13 13:41 - 00000000 ___RD C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2015-09-09 18:31 - 2015-09-09 18:31 - 02870984 _____ (ESET) C:\Users\Juli\Downloads\esetsmartinstaller_deu(2).exe 2015-09-08 22:42 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 22:42 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 22:42 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-08 22:42 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-08 22:42 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-08 22:42 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-08 22:42 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-08 22:42 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-08 22:41 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 22:41 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-08 22:41 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-08 22:41 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-08 22:41 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-08 22:41 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-08 22:41 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-08 22:41 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-08 22:41 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 22:41 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-08 22:41 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-08 22:41 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-08 22:41 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-08 22:41 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-08 22:41 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-08 22:41 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 22:41 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-08 22:41 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-08 22:41 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-08 22:41 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-08 22:41 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-08 22:41 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-08 22:41 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 22:41 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 22:41 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 22:41 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 22:41 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-08 22:41 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-08 22:41 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-08 22:41 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 22:41 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-08 22:41 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-08 22:41 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-08 22:41 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-08 22:41 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-08 22:41 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-08 22:41 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-08 22:41 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-08 22:41 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-08 22:41 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 22:41 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 22:41 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 22:41 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 22:41 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-08 22:41 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 22:41 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-08 22:41 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-08 22:41 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-08 22:41 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-08 22:41 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-08 22:41 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 22:41 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-08 22:41 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-08 22:41 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-08 22:41 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-08 22:41 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 22:41 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-08 22:41 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-08 22:41 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-08 22:41 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-08 22:41 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-08 22:41 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-08 22:40 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-08 22:40 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-08 22:40 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-08 22:40 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-08 22:40 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-08 22:40 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-08 22:40 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-08 22:40 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-08 22:40 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-08 22:40 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-08 22:40 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-08 22:40 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-08 22:40 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-08 22:40 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-08 22:40 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-08 22:40 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-08 22:40 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-08 22:40 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-08 22:40 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-08 22:40 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-08 22:40 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-08 22:40 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-08 22:40 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-08 22:40 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-08 22:40 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-08 22:40 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-08 22:40 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-08 22:40 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-08 22:40 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-08 22:40 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-08 22:40 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-08 22:40 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-08 22:40 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-08 22:40 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-08 22:40 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-08 22:40 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 22:40 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-08 22:38 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 22:38 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 22:38 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 22:38 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 22:38 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-08 22:38 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-08 22:38 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-08 22:38 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-08 22:38 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-08 22:38 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-08 22:38 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-08 22:38 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-08 22:37 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-08 22:37 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-08 22:37 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 22:37 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 22:37 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 22:37 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 22:37 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 22:37 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-08 22:37 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-08 22:36 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 22:36 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 22:36 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 22:36 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-08 22:36 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 22:36 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 22:36 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-08 22:35 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 22:35 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-08 22:35 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-08 22:35 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-08 22:34 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-08 22:34 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-08 22:34 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-08 22:34 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-08 22:34 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-08 22:34 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-08 22:34 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-08 22:34 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-08 22:34 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-08 22:34 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-08 21:28 - 2015-09-08 21:28 - 02870984 _____ (ESET) C:\Users\Juli\Downloads\esetsmartinstaller_deu(1).exe 2015-09-07 21:26 - 2015-09-07 21:26 - 00001086 _____ C:\Users\Juli\Desktop\checkup.txt 2015-09-07 21:20 - 2015-09-07 21:20 - 00852704 _____ C:\Users\Juli\Downloads\SecurityCheck.exe 2015-09-07 18:57 - 2015-09-07 18:57 - 00000000 ____D C:\Program Files (x86)\ESET 2015-09-07 18:55 - 2015-09-07 18:55 - 02870984 _____ (ESET) C:\Users\Juli\Downloads\esetsmartinstaller_deu.exe 2015-09-06 17:11 - 2015-09-06 17:11 - 00003003 _____ C:\Users\Juli\Desktop\career_20141114_clinical_trial_associate_CTA.txt 2015-09-06 11:42 - 2015-09-06 15:38 - 00000000 ____D C:\Users\Juli\Desktop\Neuer Ordner 2015-09-05 20:23 - 2015-09-05 20:23 - 00000841 _____ C:\Users\Juli\Desktop\JRT2.txt 2015-09-05 19:54 - 2015-09-05 19:54 - 00000841 _____ C:\Users\Juli\Desktop\JRT.txt 2015-09-05 19:47 - 2015-09-05 19:47 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600(2).exe 2015-09-05 19:46 - 2015-09-05 19:46 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600(1).exe 2015-09-05 13:16 - 2015-09-06 13:24 - 00000000 ____D C:\Users\Juli\Desktop\Pferdis, 03.09.15 2015-09-05 13:13 - 2015-09-05 13:13 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Juli\Downloads\JRT_7600.exe 2015-09-05 13:12 - 2015-09-05 13:12 - 00002164 _____ C:\Users\Juli\Desktop\AdwCleaner[C1].txt 2015-09-05 13:05 - 2015-09-05 13:05 - 01654272 _____ C:\Users\Juli\Downloads\AdwCleaner_5.005(1).exe 2015-09-05 13:02 - 2015-09-05 13:06 - 00000000 ____D C:\AdwCleaner 2015-09-05 13:00 - 2015-09-05 13:00 - 01654272 _____ C:\Users\Juli\Downloads\AdwCleaner_5.005.exe 2015-09-05 12:13 - 2015-09-05 12:13 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-05 12:13 - 2015-09-05 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-05 12:13 - 2015-09-05 12:13 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-05 12:13 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-05 12:13 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-05 12:11 - 2015-09-05 12:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Juli\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-03 23:16 - 2015-09-03 23:16 - 00026467 _____ C:\Users\Juli\Desktop\combofix.txt 2015-09-03 21:47 - 2015-09-03 21:47 - 00026467 _____ C:\ComboFix.txt 2015-09-03 21:31 - 2015-09-03 21:47 - 00000000 ____D C:\Qoobox 2015-09-03 21:31 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-03 21:31 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-03 21:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-03 21:31 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-03 21:30 - 2015-09-03 21:45 - 00000000 ____D C:\Windows\erdnt 2015-09-03 21:27 - 2015-09-03 21:28 - 05635231 ____R (Swearware) C:\Users\Juli\Downloads\ComboFix.exe 2015-09-03 10:38 - 2015-09-03 10:38 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Juli\Downloads\tdsskiller.exe 2015-09-03 08:59 - 2015-09-13 15:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-03 08:59 - 2015-09-05 12:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-03 08:59 - 2015-09-05 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-03 08:55 - 2015-09-03 10:34 - 00000000 ____D C:\Users\Juli\Desktop\mbar 2015-09-03 08:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-03 08:50 - 2015-09-03 08:51 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Juli\Desktop\mbar-1.09.2.1008.exe 2015-09-02 22:45 - 2015-09-02 22:45 - 586310020 _____ C:\Windows\MEMORY.DMP 2015-09-02 22:45 - 2015-09-02 22:45 - 00471832 _____ C:\Windows\Minidump\090215-21044-01.dmp 2015-09-02 18:22 - 2015-09-02 18:22 - 00005772 _____ C:\Users\Juli\Downloads\GMER.txt 2015-09-02 18:14 - 2015-09-02 18:14 - 00058536 _____ C:\Users\Juli\Desktop\FRST.txt 2015-09-02 18:14 - 2015-09-02 18:14 - 00037908 _____ C:\Users\Juli\Desktop\Addition.txt 2015-09-02 18:13 - 2015-09-02 18:13 - 00380416 _____ C:\Users\Juli\Downloads\Gmer-19357.exe 2015-09-02 18:09 - 2015-09-02 18:11 - 00037908 _____ C:\Users\Juli\Downloads\Addition.txt 2015-09-02 18:08 - 2015-09-13 16:02 - 00018258 _____ C:\Users\Juli\Downloads\FRST.txt 2015-09-02 18:08 - 2015-09-13 16:02 - 00000000 ____D C:\FRST 2015-09-02 18:07 - 2015-09-13 16:02 - 02190336 _____ (Farbar) C:\Users\Juli\Downloads\FRST64.exe 2015-09-02 18:06 - 2015-09-02 18:06 - 00000470 _____ C:\Users\Juli\Downloads\defogger_disable.log 2015-09-02 18:06 - 2015-09-02 18:06 - 00000000 _____ C:\Users\Juli\defogger_reenable 2015-09-02 18:04 - 2015-09-02 18:04 - 00050477 _____ C:\Users\Juli\Downloads\Defogger.exe 2015-09-02 17:18 - 2015-09-07 19:59 - 00000000 ____D C:\Users\Juli\Desktop\PraktikumPflanze1 2015-08-31 22:47 - 2015-08-31 22:50 - 155835672 _____ (Apple Inc.) C:\Users\Juli\Downloads\iTunes6464Setup(1).exe 2015-08-28 09:36 - 2015-08-28 09:36 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Avira 2015-08-28 09:35 - 2015-08-28 13:23 - 00132832 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys 2015-08-28 09:35 - 2015-08-28 13:23 - 00098848 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-28 09:35 - 2015-08-28 09:35 - 00002078 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\ProgramData\Avira 2015-08-28 09:35 - 2015-08-28 09:35 - 00000000 ____D C:\Program Files (x86)\Avira 2015-08-28 09:35 - 2011-10-11 15:00 - 00027760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avkmgr.sys 2015-08-28 09:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150828-093233.backup 2015-08-26 10:56 - 2015-08-26 10:56 - 00002984 _____ C:\Users\Juli\Downloads\Wandervorschläge.html 2015-08-20 15:52 - 2015-08-20 15:52 - 00000000 ____D C:\usr ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-13 15:42 - 2012-12-30 16:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-13 15:39 - 2010-07-04 12:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-13 14:10 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-13 14:10 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-13 14:02 - 2013-01-03 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-13 14:02 - 2011-12-07 13:16 - 00001847 _____ C:\Windows\wininit.ini 2015-09-13 13:50 - 2010-06-20 16:31 - 01472414 _____ C:\Windows\WindowsUpdate.log 2015-09-13 13:39 - 2015-08-09 22:42 - 00004561 _____ C:\Windows\setupact.log 2015-09-13 13:39 - 2010-07-04 12:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-13 13:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-09 19:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-09-09 18:28 - 2010-06-21 02:18 - 00699682 _____ C:\Windows\system32\perfh007.dat 2015-09-09 18:28 - 2010-06-21 02:18 - 00149790 _____ C:\Windows\system32\perfc007.dat 2015-09-09 18:28 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-09 18:20 - 2009-07-14 06:45 - 00404824 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-09 18:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-09 18:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-08 23:45 - 2009-08-28 06:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-08 23:41 - 2013-08-15 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-09-06 15:39 - 2015-04-18 17:32 - 00000000 ____D C:\Users\Juli\Desktop\Bilder 2015-09-05 19:50 - 2010-06-20 16:44 - 00000000 ____D C:\Users\Juli 2015-09-05 13:09 - 2015-08-13 14:54 - 00099108 _____ C:\Windows\PFRO.log 2015-09-05 12:45 - 2012-10-25 19:50 - 00000000 ____D C:\Windows\PCHEALTH 2015-09-05 12:43 - 2010-06-20 17:52 - 00000000 ____D C:\ProgramData\ICQ 2015-09-03 21:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-09-03 21:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-09-03 21:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2015-09-03 21:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-09-03 09:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors 2015-09-02 22:45 - 2013-11-05 00:17 - 00000000 ____D C:\Windows\Minidump 2015-09-01 15:41 - 2011-06-25 13:00 - 00007598 _____ C:\Users\Juli\AppData\Local\resmon.resmoncfg 2015-08-31 21:38 - 2015-08-06 17:16 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Apple Computer 2015-08-31 13:04 - 2014-08-31 18:36 - 00000000 ____D C:\Users\Juli\Desktop\Sonstiges 2015-08-28 09:39 - 2015-08-09 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-08-28 09:39 - 2015-08-09 13:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-08-27 20:34 - 2010-07-04 12:45 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-27 20:34 - 2010-07-04 12:45 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 18:41 - 2013-07-14 17:03 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Spotify 2015-08-26 18:37 - 2011-11-07 16:00 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-26 18:36 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Juli\AppData\Local\Spotify ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2010-08-10 18:56 - 2015-02-25 14:51 - 0010426 _____ () C:\Users\Juli\AppData\Roaming\wklnhst.dat 2012-02-15 19:09 - 2012-02-15 19:09 - 0003584 _____ () C:\Users\Juli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-06-25 13:00 - 2015-09-01 15:41 - 0007598 _____ () C:\Users\Juli\AppData\Local\resmon.resmoncfg 2009-08-28 06:36 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: ==================== C:\Users\Juli\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-12 13:47 ==================== Ende von FRST.txt ============================ |
|
14.09.2015, 06:21
| #10 |
| /// the machine /// TB-Ausbilder | Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit Java und Adobe updaten. Von ESET angemeckerte Downloads löschen. Downloadverhalten überdenken: CHIP-Installer - was ist das? - Anleitungen Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit |
| antivirus, atraps.gen, computer, device driver, dnsapi.dll, exp/java.hlp.cj, flash player, java.hlp.cj, launch, prozesse, registry, safer networking, software, super, svchost.exe, tr/atraps.gen2, tr/atraps.gen2)., tr/crypt.xpack.gen, tr/crypt.xpack.gen3, tr/dropper.gen, trojan.0access, trojan.siredef.c, trojaner, windows xp |
WARNUNG an die MITLESER: 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
