|
Log-Analyse und Auswertung: Windows 7: Interpol-Trojaner ohne SperrschirmWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.11.2015, 15:19 | #1 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Hallo allerseits, ich hab mir heute leider einen Interpol-Trojaner eingefangen, kann aber ganz normal booten. Ich wäre euch wahnsinnig dankbar, wenn ihr mir helfen könntet! Nachfolgend die gewünschten Logs, allerdings ohne FRST, weil Folgendes erscheint, wenn ich es starten will: "Nicht genug Systemressorucen, um den angeforderten Dienst auszuführen." Was hat das zu bedeuten? defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:11 on 18/11/2015 (Neagu) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-18 14:31:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000056 WDC_WD25 rev.15.0 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\Neagu\AppData\Local\Temp\pgdoqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76cbb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76cbb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76d38fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76c9489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76d388c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76d38aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76d387ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76d38b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76cafca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077361555 2 bytes JMP 76cb68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76d39089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76d38bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76d3877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76cafd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76cbb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76d38f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76d38713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76cbb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76cbb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76d38fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76c9489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76d388c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76d38aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76d387ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76d38b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76cafca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077361555 2 bytes JMP 76cb68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76d39089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76d38bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76d3877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76cafd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76cbb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76d38f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76d38713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76cbb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76cbb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76d38fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76c9489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76d388c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76d38aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76d387ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76d38b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76cafca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077361555 2 bytes JMP 76cb68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76d39089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76d38bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76d3877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76cafd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76cbb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76d38f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76d38713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76cbb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76cbb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76d38fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76c9489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76d388c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76d38aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76d387ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76d38b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76cafca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077361555 2 bytes JMP 76cb68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76d39089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76d38bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76d3877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76cafd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76cbb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76d38f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76d38713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077361401 2 bytes JMP 76cbb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077361419 2 bytes JMP 76cbb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077361431 2 bytes JMP 76d38fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007736144a 2 bytes CALL 76c9489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773614dd 2 bytes JMP 76d388c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773614f5 2 bytes JMP 76d38aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007736150d 2 bytes JMP 76d387ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077361525 2 bytes JMP 76d38b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007736153d 2 bytes JMP 76cafca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077361555 2 bytes JMP 76cb68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007736156d 2 bytes JMP 76d39089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077361585 2 bytes JMP 76d38bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007736159d 2 bytes JMP 76d3877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773615b5 2 bytes JMP 76cafd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773615cd 2 bytes JMP 76cbb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773616b2 2 bytes JMP 76d38f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773616bd 2 bytes JMP 76d38713 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:3064] 0000000076427587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:4732] 00000000671b8aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:4992] 000000007796c557 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:2548] 00000000779827c1 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:6016] 00000000779827c1 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3452:3480] 00000000779827c1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 49563 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 42451 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.2.1 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain Speedport_W_303V_Typ_A Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpIPAddress 192.168.2.101 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpSubnetMask 255.255.255.0 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpServer 192.168.2.1 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpNameServer 192.168.2.1 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpDomain Speedport_W_303V_Typ_A Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpDefaultGateway 192.168.2.1? Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}@DhcpSubnetMaskOpt 255.255.255.0? ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 18.11.2015 Suchlaufzeit: 14:37 Protokolldatei: MBAM.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.11.18.04 Rootkit-Datenbank: v2015.11.14.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Neagu Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 358632 Abgelaufene Zeit: 29 Min., 25 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
18.11.2015, 15:47 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Interpol-Trojaner ohne Sperrschirm FRST löschen und neu laden, AV Programm abschalten.
__________________
__________________ |
19.11.2015, 12:52 | #3 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Danke für deine Hilfe, schrauber!
__________________FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015 durchgeführt von Neagu (Administrator) auf NEAGU-PC (19-11-2015 12:40:25) Gestartet von C:\Users\Neagu\Desktop Geladene Profile: Neagu (Verfügbare Profile: Neagu) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-11-28] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Neagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2013-08-23] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{71FF24E1-EF5F-4E55-840A-EF01886EBFC7}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2316090547-2145483676-150453018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-16] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [Datei ist nicht signiert] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-16] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-19 12:40 - 2015-11-19 12:41 - 00012794 _____ C:\Users\Neagu\Desktop\FRST.txt 2015-11-19 12:40 - 2015-11-19 12:40 - 00000000 ____D C:\FRST 2015-11-19 12:37 - 2015-11-19 12:37 - 02008576 _____ (Farbar) C:\Users\Neagu\Desktop\FRST64.exe 2015-11-18 15:14 - 2015-11-18 15:14 - 00001210 _____ C:\Users\Neagu\Desktop\MBAM.txt 2015-11-18 14:31 - 2015-11-18 14:31 - 00022230 _____ C:\Users\Neagu\Desktop\GMER.log 2015-11-18 14:14 - 2015-11-18 14:14 - 00380416 _____ C:\Users\Neagu\Desktop\Gmer-19357.exe 2015-11-18 14:11 - 2015-11-18 14:11 - 00000472 _____ C:\Users\Neagu\Desktop\defogger_disable.log 2015-11-18 14:11 - 2015-11-18 14:11 - 00000000 _____ C:\Users\Neagu\defogger_reenable 2015-11-18 14:09 - 2015-11-18 14:09 - 00050477 _____ C:\Users\Neagu\Desktop\Defogger.exe 2015-11-18 10:51 - 2015-11-18 10:51 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk 2015-11-18 10:51 - 2015-11-18 10:51 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 2015-11-18 10:43 - 2015-11-18 10:43 - 00000000 ____D C:\Users\Neagu\Desktop\OpenOffice 4.1.2 (de) Installation Files 2015-11-18 10:38 - 2015-11-18 10:42 - 164803434 _____ C:\Users\Neagu\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_de.exe 2015-11-14 17:55 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-14 17:55 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-14 17:55 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-14 17:55 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-14 17:55 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-14 17:55 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-14 17:55 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-14 17:55 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-14 17:55 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-14 17:55 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-14 17:55 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-14 17:55 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-14 17:55 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-14 17:55 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-14 17:55 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-14 17:55 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-14 17:55 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-14 17:55 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-14 17:55 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-14 17:55 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-14 17:54 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-14 17:54 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-14 17:54 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-14 17:54 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-14 17:54 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-14 17:54 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-14 17:54 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-14 17:54 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-14 17:54 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-14 17:54 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-14 17:54 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-14 17:54 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-14 17:54 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-14 17:54 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-14 17:54 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-14 17:54 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-14 17:54 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-14 17:54 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-14 17:54 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-14 17:54 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-14 17:54 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-14 17:54 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-14 17:54 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-14 17:54 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-14 17:54 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-14 17:54 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-14 17:54 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-14 17:54 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-14 17:54 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-14 17:54 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-14 17:54 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-14 17:54 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-14 17:54 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-14 17:54 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-14 17:54 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-14 17:54 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-14 17:54 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-14 17:54 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-14 17:54 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-14 17:54 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-14 17:54 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-14 17:54 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-14 17:54 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-14 17:54 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-14 17:54 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-14 17:54 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-14 17:54 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-14 17:54 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-14 17:54 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-14 17:54 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-14 17:53 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-14 17:53 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-14 17:53 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-14 17:53 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-14 17:53 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-14 17:53 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-14 17:53 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-14 17:53 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-14 17:53 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-14 17:53 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-14 17:53 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-14 17:53 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-14 17:53 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-14 17:53 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-14 17:53 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-14 17:53 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-14 17:53 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-14 17:53 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-14 17:53 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-14 17:53 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-14 17:53 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-14 17:53 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-14 17:53 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-14 17:53 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-14 17:53 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-14 17:52 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-14 17:52 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-14 17:52 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-14 17:52 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-14 17:51 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-14 17:51 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-14 17:51 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-09 11:07 - 2015-11-10 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-19 12:29 - 2011-12-19 00:47 - 01241975 _____ C:\Windows\WindowsUpdate.log 2015-11-19 12:27 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-19 12:27 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-19 12:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-19 12:11 - 2009-07-14 05:51 - 00216817 _____ C:\Windows\setupact.log 2015-11-18 20:02 - 2012-06-26 07:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-18 14:37 - 2014-06-18 14:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-18 14:36 - 2013-11-28 14:49 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2015-11-18 14:36 - 2011-10-24 09:22 - 00000000 ____D C:\ProgramData\Temp 2015-11-18 14:11 - 2012-06-06 14:58 - 00000000 ____D C:\Users\Neagu 2015-11-18 13:57 - 2012-06-06 14:58 - 00067824 _____ C:\Users\Neagu\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-18 13:54 - 2009-07-14 05:45 - 00301992 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-18 10:51 - 2014-03-10 16:13 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2015-11-18 10:36 - 2011-11-23 19:22 - 00699432 _____ C:\Windows\system32\perfh007.dat 2015-11-18 10:36 - 2011-11-23 19:22 - 00149572 _____ C:\Windows\system32\perfc007.dat 2015-11-18 10:36 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-15 17:16 - 2013-08-07 13:19 - 00000000 ____D C:\Windows\system32\MRT 2015-11-15 17:04 - 2013-06-04 08:44 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-14 19:57 - 2013-11-28 14:33 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-14 19:56 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-13 18:02 - 2012-06-26 07:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-13 18:02 - 2012-06-26 07:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-13 18:02 - 2011-10-24 09:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-10 21:18 - 2015-03-20 10:31 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-10 17:30 - 2015-09-05 14:54 - 00001150 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-11-10 17:30 - 2015-03-20 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-10 17:15 - 2013-05-11 15:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-10 17:15 - 2010-11-21 04:47 - 01515860 _____ C:\Windows\PFRO.log 2015-11-09 23:15 - 2013-12-02 12:09 - 00190976 ___SH C:\Users\Neagu\Documents\Thumbs.db 2015-11-09 23:14 - 2012-07-04 18:19 - 00019645 _____ C:\Users\Neagu\Documents\Bewerbung Niki.odt 2015-11-09 22:12 - 2015-08-07 15:31 - 00000506 _____ C:\Windows\wininit.ini 2015-11-01 16:11 - 2012-10-30 18:42 - 00000000 ____D C:\Users\Neagu\Documents\Telekom-Rechnungen 2015-11-01 16:08 - 2015-07-02 14:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-01 16:07 - 2014-12-24 10:39 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-23 12:44 - 2012-06-06 15:00 - 00000000 ____D C:\Users\Neagu\AppData\Local\Adobe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-07-17 11:40 - 2014-07-17 11:40 - 0004608 _____ () C:\Users\Neagu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\Neagu\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2014-01-03 15:59 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-11-2015 durchgeführt von Neagu (2015-11-19 12:42:53) Gestartet von C:\Users\Neagu\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-06-06 13:58:20) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2316090547-2145483676-150453018-500 - Administrator - Disabled) Gast (S-1-5-21-2316090547-2145483676-150453018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2316090547-2145483676-150453018-1002 - Limited - Enabled) Neagu (S-1-5-21-2316090547-2145483676-150453018-1000 - Administrator - Enabled) => C:\Users\Neagu ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{95F2E76E-230E-BB48-3F15-E4A7F6050962}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG) Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG) Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) ELAN 4.7.3 (HKLM-x32\...\ELAN 4.7.3) (Version: 4.7.3.0 - MPI - The Language Archive) Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.) Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.54.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.54.219 - DVDVideoSoft Ltd.) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Packard Bell) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Packard Bell) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG) Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG) Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.2.5 - WildTangent) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.04.3503 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0225.2011 - Packard Bell ) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.) Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) Toolbox 1.6.1 Jun 2013 (HKLM-x32\...\Toolbox_is1) (Version: - ) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3504 - Packard Bell) WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2316090547-2145483676-150453018-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Neagu\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei ==================== Wiederherstellungspunkte ========================= 03-11-2015 13:03:54 Windows Update 06-11-2015 17:26:37 Windows Update 10-11-2015 17:24:22 Windows Update 14-11-2015 17:56:03 Windows Update 14-11-2015 19:54:48 Windows Update 15-11-2015 16:53:09 Windows Update 18-11-2015 10:45:19 OpenOffice 4.1.2 wird installiert 18-11-2015 10:47:17 OpenOffice 4.1.2 wird installiert ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-07-04 13:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {08C9629D-9B0F-4E9B-80B2-B8008541991A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {0DDB8DDE-D7E5-4CEF-B555-3E1C62FDDBF2} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG) Task: {2A0DEC04-8035-45E3-A871-56C64540A918} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-13] (Adobe Systems Incorporated) Task: {5972BBC8-C05C-449E-9F0B-BF9F612D56F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {6B5BD2A0-487D-4BF0-8F65-8E56357E8085} - System32\Tasks\{9517AF1B-F0BD-4CDB-8BD7-90D321E52B28} => pcalua.exe -a "C:\Program Files (x86)\ELAN 4.4.0\Uninstall_ELAN 4.6.2\Uninstall ELAN 4.6.2.exe" Task: {9DD60DCE-2C67-4031-A72A-D9BB66747662} - System32\Tasks\{46C65862-DAA3-4681-B3DD-3EB569E94B65} => pcalua.exe -a C:\Users\Neagu\Downloads\ELAN_4-6-2_win_install(1).exe -d C:\Users\Neagu\Downloads (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2011-08-11 04:58 - 2011-08-11 04:58 - 00627304 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe 2011-05-24 23:50 - 2011-05-24 23:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-08-11 04:57 - 2011-08-11 04:57 - 00151656 _____ () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\1001movie.com -> 1001movie.com Da befinden sich 6091 mehr Seiten. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2316090547-2145483676-150453018-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Neagu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{6E427C59-7A9C-43A2-BE3F-AFA019E378C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2B1EB53D-EFF1-4EFA-B780-F005F85FA0A8}] => (Allow) LPort=2869 FirewallRules: [{B32B5A2C-5502-4372-8946-559C6ABDF11D}] => (Allow) LPort=1900 FirewallRules: [{CE16C324-3482-4D50-8776-C9F496CE0585}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C652498E-4D12-4194-98CD-2742E9BB1203}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{2D1C1181-795E-496D-B690-FDE005B83FF9}] => (Allow) C:\Users\Neagu\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{83110DE8-A12C-405C-93F3-89B72FA86738}] => (Allow) C:\Users\Neagu\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{574F8DC3-0219-4C17-B49A-4B0FC89AA404}] => (Allow) LPort=9091 FirewallRules: [{D1D560EE-8133-4BD1-B2A9-FD673BC8C436}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7B9ADDCE-38F9-4753-80ED-A2F472C7A916}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B5D89ACB-B62E-48FA-9646-9E892122CD9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{91A856DA-DFB3-499F-BD52-7A2259DB2716}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{F6B426F7-A6B4-44A7-85F7-E2AA5BBE9555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8C82664E-B258-45FD-B255-9109A65F0055}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/19/2015 00:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2015 05:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2015 03:21:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Netzmanager_Service.exe, Version: 1.71.0.301, Zeitstempel: 0x50094873 Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5485, Zeitstempel: 0x53a11d6c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000001934c8 ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xNetzmanager_Service.exe0 Pfad der fehlerhaften Anwendung: Netzmanager_Service.exe1 Pfad des fehlerhaften Moduls: Netzmanager_Service.exe2 Berichtskennung: Netzmanager_Service.exe3 Error: (11/18/2015 03:21:45 PM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: .NET Runtime version 2.0.50727.5485 - Schwerwiegender Fehler im Ausführungsmodul (000007FEF8C6600A) (80131506). Error: (11/18/2015 01:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2015 10:46:17 AM) (Source: MsiInstaller) (EventID: 1013) (User: Neagu-PC) Description: Produkt: OpenOffice 4.1.2 -- Bitte beenden Sie OpenOffice 4.1.2 und den OpenOffice 4.1.2-Schnellstarter, bevor Sie fortfahren. Falls Sie ein Mehrbenutzersystem benutzen, stellen Sie sicher, dass kein anderer Nutzer OpenOffice 4.1.2 geöffnet hat. Error: (11/18/2015 10:20:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/17/2015 01:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/16/2015 06:16:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/16/2015 10:48:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (11/18/2015 08:04:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/18/2015 03:21:44 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/18/2015 10:35:47 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (11/18/2015 10:35:46 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (11/18/2015 10:35:46 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (11/18/2015 10:35:45 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (11/17/2015 01:31:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/17/2015 01:21:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Netzmanager Infrastruktur Informationssystem Dienst erreicht. Error: (11/16/2015 07:51:56 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/16/2015 11:28:43 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} CodeIntegrity: =================================== Date: 2015-07-04 14:25:00.178 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-07-04 14:24:59.960 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-07-04 14:24:59.726 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-07-04 14:24:59.492 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-17 10:56:04.643 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-17 10:56:04.440 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-17 10:56:04.238 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-17 10:56:04.050 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-10 11:15:57.997 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-10 11:15:56.952 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: AMD E-350 Processor Prozentuale Nutzung des RAM: 36% Installierter physikalischer RAM: 3576.26 MB Verfügbarer physikalischer RAM: 2282.4 MB Summe virtueller Speicher: 7150.73 MB Verfügbarer virtueller Speicher: 5126.05 MB ==================== Laufwerke ================================ Drive c: (Packard Bell) (Fixed) (Total:109.46 GB) (Free:18.83 GB) NTFS Drive d: (DATA) (Fixed) (Total:106.33 GB) (Free:106.2 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BFA26B5) Partition 1: (Not Active) - (Size=17 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=109.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=106.3 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
20.11.2015, 16:34 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Interpol-Trojaner ohne Sperrschirm hi, Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.11.2015, 13:53 | #5 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Sorry für die späte Antwort schrauber, aber dieser PC ist mir leider nicht immer zugänglich. Hier ist die Logfile von TDSSKiller: Code:
ATTFilter 13:48:17.0304 0x0ab8 TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23 13:48:22.0671 0x0ab8 ============================================================ 13:48:22.0671 0x0ab8 Current date / time: 2015/11/23 13:48:22.0671 13:48:22.0671 0x0ab8 SystemInfo: 13:48:22.0671 0x0ab8 13:48:22.0671 0x0ab8 OS Version: 6.1.7601 ServicePack: 1.0 13:48:22.0671 0x0ab8 Product type: Workstation 13:48:22.0671 0x0ab8 ComputerName: NEAGU-PC 13:48:22.0671 0x0ab8 UserName: Neagu 13:48:22.0671 0x0ab8 Windows directory: C:\Windows 13:48:22.0671 0x0ab8 System windows directory: C:\Windows 13:48:22.0671 0x0ab8 Running under WOW64 13:48:22.0671 0x0ab8 Processor architecture: Intel x64 13:48:22.0671 0x0ab8 Number of processors: 2 13:48:22.0671 0x0ab8 Page size: 0x1000 13:48:22.0671 0x0ab8 Boot type: Normal boot 13:48:22.0671 0x0ab8 ============================================================ 13:48:23.0014 0x0ab8 KLMD registered as C:\Windows\system32\drivers\65704465.sys 13:48:23.0373 0x0ab8 System UUID: {67EA5236-4BC1-D823-5D20-87041F1CEE11} 13:48:24.0200 0x0ab8 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:48:24.0215 0x0ab8 ============================================================ 13:48:24.0215 0x0ab8 \Device\Harddisk0\DR0: 13:48:24.0215 0x0ab8 MBR partitions: 13:48:24.0215 0x0ab8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000 13:48:24.0215 0x0ab8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0xDAE9800 13:48:24.0215 0x0ab8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFD1C000, BlocksNum 0xD4A9000 13:48:24.0215 0x0ab8 ============================================================ 13:48:24.0246 0x0ab8 C: <-> \Device\Harddisk0\DR0\Partition2 13:48:24.0309 0x0ab8 D: <-> \Device\Harddisk0\DR0\Partition3 13:48:24.0309 0x0ab8 ============================================================ 13:48:24.0309 0x0ab8 Initialize success 13:48:24.0309 0x0ab8 ============================================================ 13:48:34.0184 0x146c ============================================================ 13:48:34.0184 0x146c Scan started 13:48:34.0184 0x146c Mode: Manual; SigCheck; TDLFS; 13:48:34.0184 0x146c ============================================================ 13:48:34.0184 0x146c KSN ping started 13:48:37.0101 0x146c KSN ping finished: true 13:48:37.0912 0x146c ================ Scan system memory ======================== 13:48:37.0912 0x146c System memory - ok 13:48:37.0912 0x146c ================ Scan services ============================= 13:48:38.0146 0x146c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:48:38.0318 0x146c 1394ohci - ok 13:48:38.0380 0x146c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:48:38.0427 0x146c ACPI - ok 13:48:38.0442 0x146c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:48:38.0489 0x146c AcpiPmi - ok 13:48:38.0583 0x146c [ 1474F121C3DF1232D3E7239C03691EE6, 26D0F55010CB7C51269D94ECB5C5AA94802607685B9E9791A78B643C6227214F ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe 13:48:38.0630 0x146c AdobeActiveFileMonitor9.0 - ok 13:48:38.0692 0x146c [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:48:38.0723 0x146c AdobeARMservice - ok 13:48:38.0864 0x146c [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:48:38.0910 0x146c AdobeFlashPlayerUpdateSvc - ok 13:48:38.0988 0x146c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:48:39.0035 0x146c adp94xx - ok 13:48:39.0082 0x146c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:48:39.0129 0x146c adpahci - ok 13:48:39.0144 0x146c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:48:39.0176 0x146c adpu320 - ok 13:48:39.0222 0x146c [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:48:39.0285 0x146c AeLookupSvc - ok 13:48:39.0347 0x146c [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 13:48:39.0425 0x146c AFD - ok 13:48:39.0456 0x146c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 13:48:39.0488 0x146c agp440 - ok 13:48:39.0519 0x146c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 13:48:39.0581 0x146c ALG - ok 13:48:39.0628 0x146c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 13:48:39.0644 0x146c aliide - ok 13:48:39.0690 0x146c [ 514089CB4A7DF38DC4DD936ADE4114D3, 22941C8FE50C5BEFDDCF4C5A0AB7633DD692D432145738752EA446042B89CFA9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:48:39.0753 0x146c AMD External Events Utility - ok 13:48:39.0784 0x146c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 13:48:39.0815 0x146c amdide - ok 13:48:39.0862 0x146c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:48:39.0893 0x146c AmdK8 - ok 13:48:40.0408 0x146c [ 9A4B92150A5E259A7159D914CC3A60D7, 86347094D75B2530B24F00B3ACF9D1F8C330938472D67AC38462742E98762484 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:48:41.0016 0x146c amdkmdag - ok 13:48:41.0079 0x146c [ 9DEB889D152F9C9DBA98BE8986084535, 0125ACA28B1043748DBF555D1935E271A398ACEB07E5C79932E7DC0D1A7028A1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 13:48:41.0141 0x146c amdkmdap - ok 13:48:41.0188 0x146c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:48:41.0235 0x146c AmdPPM - ok 13:48:41.0266 0x146c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:48:41.0282 0x146c amdsata - ok 13:48:41.0313 0x146c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 13:48:41.0344 0x146c amdsbs - ok 13:48:41.0360 0x146c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:48:41.0391 0x146c amdxata - ok 13:48:41.0406 0x146c [ 80A508D0C7A21BC13C01D4C671541203, EC9B465B92C87522ED216CECB099AD91833C224E55969E1B3A033EE8A4A4F68D ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 13:48:41.0438 0x146c amd_sata - ok 13:48:41.0469 0x146c [ 2BE940F3A632A1A301B22B096BF221F1, 6D828467CE0D76223C29BDB77E62422014A5842A1FE90E79C179DFDCA8AFDF71 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 13:48:41.0484 0x146c amd_xata - ok 13:48:41.0765 0x146c [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 13:48:41.0843 0x146c AntiVirMailService - ok 13:48:41.0937 0x146c [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 13:48:41.0984 0x146c AntiVirSchedulerService - ok 13:48:42.0077 0x146c [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 13:48:42.0124 0x146c AntiVirService - ok 13:48:42.0249 0x146c [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 13:48:42.0342 0x146c AntiVirWebService - ok 13:48:42.0389 0x146c [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 13:48:42.0436 0x146c AppID - ok 13:48:42.0467 0x146c [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:48:42.0498 0x146c AppIDSvc - ok 13:48:42.0592 0x146c [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll 13:48:42.0639 0x146c Appinfo - ok 13:48:42.0701 0x146c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 13:48:42.0732 0x146c arc - ok 13:48:42.0748 0x146c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:48:42.0779 0x146c arcsas - ok 13:48:42.0935 0x146c [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:48:42.0982 0x146c aspnet_state - ok 13:48:42.0982 0x146c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:48:43.0076 0x146c AsyncMac - ok 13:48:43.0107 0x146c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 13:48:43.0138 0x146c atapi - ok 13:48:43.0200 0x146c [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 13:48:43.0232 0x146c AtiHDAudioService - ok 13:48:43.0263 0x146c [ E82E61F46D1336447F4DEFF8C074F13E, 9FC152B33F1D9F5684B687743E943AA26AC17A1093F4C31A43C7012E70BC302E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys 13:48:43.0294 0x146c AtiPcie - ok 13:48:43.0372 0x146c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:48:43.0466 0x146c AudioEndpointBuilder - ok 13:48:43.0512 0x146c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:48:43.0575 0x146c AudioSrv - ok 13:48:43.0622 0x146c [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 13:48:43.0668 0x146c avgntflt - ok 13:48:43.0731 0x146c [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 13:48:43.0762 0x146c avipbb - ok 13:48:43.0871 0x146c [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 13:48:43.0934 0x146c Avira.ServiceHost - ok 13:48:43.0980 0x146c [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 13:48:44.0012 0x146c avkmgr - ok 13:48:44.0058 0x146c [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 13:48:44.0090 0x146c avnetflt - ok 13:48:44.0152 0x146c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:48:44.0199 0x146c AxInstSV - ok 13:48:44.0261 0x146c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 13:48:44.0324 0x146c b06bdrv - ok 13:48:44.0370 0x146c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:48:44.0417 0x146c b57nd60a - ok 13:48:44.0433 0x146c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 13:48:44.0480 0x146c BDESVC - ok 13:48:44.0526 0x146c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 13:48:44.0604 0x146c Beep - ok 13:48:44.0667 0x146c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 13:48:44.0760 0x146c BFE - ok 13:48:44.0838 0x146c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 13:48:44.0994 0x146c BITS - ok 13:48:45.0026 0x146c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 13:48:45.0072 0x146c blbdrive - ok 13:48:45.0088 0x146c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:48:45.0135 0x146c bowser - ok 13:48:45.0166 0x146c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 13:48:45.0213 0x146c BrFiltLo - ok 13:48:45.0244 0x146c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 13:48:45.0275 0x146c BrFiltUp - ok 13:48:45.0322 0x146c [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 13:48:45.0416 0x146c BridgeMP - ok 13:48:45.0447 0x146c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 13:48:45.0494 0x146c Browser - ok 13:48:45.0525 0x146c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:48:45.0572 0x146c Brserid - ok 13:48:45.0587 0x146c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:48:45.0618 0x146c BrSerWdm - ok 13:48:45.0618 0x146c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:48:45.0665 0x146c BrUsbMdm - ok 13:48:45.0681 0x146c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:48:45.0712 0x146c BrUsbSer - ok 13:48:45.0728 0x146c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:48:45.0790 0x146c BTHMODEM - ok 13:48:45.0837 0x146c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 13:48:45.0930 0x146c bthserv - ok 13:48:45.0962 0x146c catchme - ok 13:48:45.0993 0x146c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:48:46.0086 0x146c cdfs - ok 13:48:46.0133 0x146c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:48:46.0180 0x146c cdrom - ok 13:48:46.0227 0x146c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 13:48:46.0321 0x146c CertPropSvc - ok 13:48:46.0321 0x146c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 13:48:46.0367 0x146c circlass - ok 13:48:46.0414 0x146c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 13:48:46.0461 0x146c CLFS - ok 13:48:46.0555 0x146c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:48:46.0586 0x146c clr_optimization_v2.0.50727_32 - ok 13:48:46.0648 0x146c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:48:46.0679 0x146c clr_optimization_v2.0.50727_64 - ok 13:48:46.0789 0x146c [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:48:46.0835 0x146c clr_optimization_v4.0.30319_32 - ok 13:48:46.0867 0x146c [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:48:46.0929 0x146c clr_optimization_v4.0.30319_64 - ok 13:48:46.0976 0x146c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 13:48:47.0007 0x146c CmBatt - ok 13:48:47.0054 0x146c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:48:47.0069 0x146c cmdide - ok 13:48:47.0132 0x146c [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys 13:48:47.0194 0x146c CNG - ok 13:48:47.0194 0x146c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:48:47.0225 0x146c Compbatt - ok 13:48:47.0257 0x146c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:48:47.0303 0x146c CompositeBus - ok 13:48:47.0319 0x146c COMSysApp - ok 13:48:47.0335 0x146c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:48:47.0350 0x146c crcdisk - ok 13:48:47.0397 0x146c [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:48:47.0444 0x146c CryptSvc - ok 13:48:47.0506 0x146c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:48:47.0615 0x146c DcomLaunch - ok 13:48:47.0678 0x146c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 13:48:47.0787 0x146c defragsvc - ok 13:48:47.0818 0x146c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:48:47.0896 0x146c DfsC - ok 13:48:47.0927 0x146c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 13:48:47.0990 0x146c Dhcp - ok 13:48:48.0161 0x146c [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll 13:48:48.0286 0x146c DiagTrack - ok 13:48:48.0333 0x146c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 13:48:48.0411 0x146c discache - ok 13:48:48.0442 0x146c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 13:48:48.0458 0x146c Disk - ok 13:48:48.0505 0x146c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:48:48.0567 0x146c Dnscache - ok 13:48:48.0598 0x146c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 13:48:48.0692 0x146c dot3svc - ok 13:48:48.0707 0x146c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 13:48:48.0785 0x146c DPS - ok 13:48:48.0832 0x146c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:48:48.0879 0x146c drmkaud - ok 13:48:48.0957 0x146c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:48:49.0035 0x146c DXGKrnl - ok 13:48:49.0082 0x146c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 13:48:49.0175 0x146c EapHost - ok 13:48:49.0378 0x146c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 13:48:49.0643 0x146c ebdrv - ok 13:48:49.0690 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe 13:48:49.0721 0x146c EFS - ok 13:48:49.0815 0x146c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:48:49.0909 0x146c ehRecvr - ok 13:48:49.0940 0x146c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 13:48:49.0987 0x146c ehSched - ok 13:48:50.0065 0x146c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:48:50.0111 0x146c elxstor - ok 13:48:50.0127 0x146c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:48:50.0158 0x146c ErrDev - ok 13:48:50.0236 0x146c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 13:48:50.0345 0x146c EventSystem - ok 13:48:50.0377 0x146c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 13:48:50.0470 0x146c exfat - ok 13:48:50.0486 0x146c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:48:50.0564 0x146c fastfat - ok 13:48:50.0626 0x146c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 13:48:50.0704 0x146c Fax - ok 13:48:50.0704 0x146c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 13:48:50.0782 0x146c fdc - ok 13:48:50.0798 0x146c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 13:48:50.0891 0x146c fdPHost - ok 13:48:50.0907 0x146c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 13:48:50.0985 0x146c FDResPub - ok 13:48:51.0016 0x146c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:48:51.0032 0x146c FileInfo - ok 13:48:51.0047 0x146c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:48:51.0110 0x146c Filetrace - ok 13:48:51.0125 0x146c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:48:51.0157 0x146c flpydisk - ok 13:48:51.0188 0x146c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:48:51.0219 0x146c FltMgr - ok 13:48:51.0313 0x146c [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll 13:48:51.0422 0x146c FontCache - ok 13:48:51.0484 0x146c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:48:51.0500 0x146c FontCache3.0.0.0 - ok 13:48:51.0531 0x146c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:48:51.0547 0x146c FsDepends - ok 13:48:51.0578 0x146c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:48:51.0609 0x146c Fs_Rec - ok 13:48:51.0656 0x146c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:48:51.0703 0x146c fvevol - ok 13:48:51.0734 0x146c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:48:51.0765 0x146c gagp30kx - ok 13:48:51.0905 0x146c [ D289BA51801E162273A8385E3CCE0D0A, 461F3E85EAF33E553B047D5974D8542138E18EFB7EF905EE7E9CDC1A07CA41C7 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 13:48:51.0952 0x146c GamesAppIntegrationService - ok 13:48:52.0030 0x146c [ C23410A44ADDF0E1A9B4BA42A5DD5EA7, 384382D16D09A17E29D8348E1CF8DD7E377607DB3472AB8888EF8E83671B772C ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 13:48:52.0077 0x146c GamesAppService - ok 13:48:52.0155 0x146c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 13:48:52.0264 0x146c gpsvc - ok 13:48:52.0327 0x146c [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe 13:48:52.0373 0x146c GREGService - ok 13:48:52.0405 0x146c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:48:52.0436 0x146c hcw85cir - ok 13:48:52.0483 0x146c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:48:52.0545 0x146c HdAudAddService - ok 13:48:52.0576 0x146c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:48:52.0639 0x146c HDAudBus - ok 13:48:52.0639 0x146c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:48:52.0685 0x146c HidBatt - ok 13:48:52.0701 0x146c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:48:52.0748 0x146c HidBth - ok 13:48:52.0763 0x146c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 13:48:52.0810 0x146c HidIr - ok 13:48:52.0841 0x146c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 13:48:52.0904 0x146c hidserv - ok 13:48:52.0951 0x146c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:48:52.0966 0x146c HidUsb - ok 13:48:52.0997 0x146c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:48:53.0075 0x146c hkmsvc - ok 13:48:53.0107 0x146c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:48:53.0138 0x146c HomeGroupListener - ok 13:48:53.0169 0x146c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:48:53.0216 0x146c HomeGroupProvider - ok 13:48:53.0231 0x146c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:48:53.0263 0x146c HpSAMD - ok 13:48:53.0356 0x146c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:48:53.0434 0x146c HTTP - ok 13:48:53.0465 0x146c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:48:53.0497 0x146c hwpolicy - ok 13:48:53.0528 0x146c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:48:53.0559 0x146c i8042prt - ok 13:48:53.0606 0x146c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:48:53.0653 0x146c iaStorV - ok 13:48:53.0731 0x146c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:48:53.0809 0x146c idsvc - ok 13:48:53.0824 0x146c IEEtwCollectorService - ok 13:48:53.0855 0x146c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:48:53.0871 0x146c iirsp - ok 13:48:53.0949 0x146c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 13:48:54.0043 0x146c IKEEXT - ok 13:48:54.0214 0x146c [ 82D0C8C47F6A52B695F405661D1DF50E, 338894EC24CB4D04926DDB2A7E4281D8F0FDBC5E491ACB38132899CA8AA1A608 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:48:54.0401 0x146c IntcAzAudAddService - ok 13:48:54.0433 0x146c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 13:48:54.0448 0x146c intelide - ok 13:48:54.0495 0x146c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 13:48:54.0542 0x146c intelppm - ok 13:48:54.0589 0x146c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:48:54.0682 0x146c IPBusEnum - ok 13:48:54.0698 0x146c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:48:54.0791 0x146c IpFilterDriver - ok 13:48:54.0854 0x146c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:48:54.0916 0x146c iphlpsvc - ok 13:48:54.0932 0x146c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:48:54.0963 0x146c IPMIDRV - ok 13:48:54.0979 0x146c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:48:55.0072 0x146c IPNAT - ok 13:48:55.0103 0x146c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:48:55.0150 0x146c IRENUM - ok 13:48:55.0166 0x146c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:48:55.0181 0x146c isapnp - ok 13:48:55.0228 0x146c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:48:55.0259 0x146c iScsiPrt - ok 13:48:55.0275 0x146c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:48:55.0306 0x146c kbdclass - ok 13:48:55.0322 0x146c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:48:55.0353 0x146c kbdhid - ok 13:48:55.0384 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe 13:48:55.0415 0x146c KeyIso - ok 13:48:55.0447 0x146c [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:48:55.0478 0x146c KSecDD - ok 13:48:55.0509 0x146c [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:48:55.0540 0x146c KSecPkg - ok 13:48:55.0540 0x146c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:48:55.0618 0x146c ksthunk - ok 13:48:55.0665 0x146c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 13:48:55.0790 0x146c KtmRm - ok 13:48:55.0837 0x146c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 13:48:55.0930 0x146c LanmanServer - ok 13:48:55.0977 0x146c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:48:56.0055 0x146c LanmanWorkstation - ok 13:48:56.0149 0x146c [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe 13:48:56.0180 0x146c Live Updater Service - ok 13:48:56.0227 0x146c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:48:56.0289 0x146c lltdio - ok 13:48:56.0336 0x146c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:48:56.0429 0x146c lltdsvc - ok 13:48:56.0461 0x146c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:48:56.0523 0x146c lmhosts - ok 13:48:56.0570 0x146c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:48:56.0601 0x146c LSI_FC - ok 13:48:56.0617 0x146c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:48:56.0648 0x146c LSI_SAS - ok 13:48:56.0663 0x146c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:48:56.0679 0x146c LSI_SAS2 - ok 13:48:56.0695 0x146c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:48:56.0726 0x146c LSI_SCSI - ok 13:48:56.0757 0x146c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 13:48:56.0851 0x146c luafv - ok 13:48:56.0897 0x146c [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:48:56.0913 0x146c MBAMProtector - ok 13:48:57.0069 0x146c [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 13:48:57.0163 0x146c MBAMService - ok 13:48:57.0209 0x146c [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 13:48:57.0225 0x146c MBAMWebAccessControl - ok 13:48:57.0272 0x146c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:48:57.0303 0x146c Mcx2Svc - ok 13:48:57.0334 0x146c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 13:48:57.0350 0x146c megasas - ok 13:48:57.0412 0x146c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:48:57.0459 0x146c MegaSR - ok 13:48:57.0490 0x146c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 13:48:57.0584 0x146c MMCSS - ok 13:48:57.0599 0x146c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 13:48:57.0677 0x146c Modem - ok 13:48:57.0709 0x146c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:48:57.0755 0x146c monitor - ok 13:48:57.0787 0x146c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:48:57.0802 0x146c mouclass - ok 13:48:57.0818 0x146c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:48:57.0865 0x146c mouhid - ok 13:48:57.0911 0x146c [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:48:57.0943 0x146c mountmgr - ok 13:48:58.0005 0x146c [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:48:58.0036 0x146c MozillaMaintenance - ok 13:48:58.0067 0x146c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 13:48:58.0099 0x146c mpio - ok 13:48:58.0130 0x146c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:48:58.0192 0x146c mpsdrv - ok 13:48:58.0286 0x146c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:48:58.0411 0x146c MpsSvc - ok 13:48:58.0457 0x146c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:48:58.0504 0x146c MRxDAV - ok 13:48:58.0535 0x146c [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:48:58.0598 0x146c mrxsmb - ok 13:48:58.0645 0x146c [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:48:58.0691 0x146c mrxsmb10 - ok 13:48:58.0738 0x146c [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:48:58.0769 0x146c mrxsmb20 - ok 13:48:58.0816 0x146c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 13:48:58.0847 0x146c msahci - ok 13:48:58.0879 0x146c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:48:58.0910 0x146c msdsm - ok 13:48:58.0941 0x146c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 13:48:58.0988 0x146c MSDTC - ok 13:48:59.0035 0x146c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:48:59.0113 0x146c Msfs - ok 13:48:59.0128 0x146c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:48:59.0191 0x146c mshidkmdf - ok 13:48:59.0206 0x146c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:48:59.0237 0x146c msisadrv - ok 13:48:59.0284 0x146c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:48:59.0378 0x146c MSiSCSI - ok 13:48:59.0378 0x146c msiserver - ok 13:48:59.0425 0x146c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:48:59.0518 0x146c MSKSSRV - ok 13:48:59.0518 0x146c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:48:59.0596 0x146c MSPCLOCK - ok 13:48:59.0612 0x146c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:48:59.0690 0x146c MSPQM - ok 13:48:59.0721 0x146c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:48:59.0768 0x146c MsRPC - ok 13:48:59.0783 0x146c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:48:59.0799 0x146c mssmbios - ok 13:48:59.0815 0x146c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:48:59.0908 0x146c MSTEE - ok 13:48:59.0908 0x146c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:48:59.0939 0x146c MTConfig - ok 13:48:59.0955 0x146c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 13:48:59.0986 0x146c Mup - ok 13:49:00.0033 0x146c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 13:49:00.0158 0x146c napagent - ok 13:49:00.0220 0x146c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:49:00.0283 0x146c NativeWifiP - ok 13:49:00.0392 0x146c [ 13AA2130F2A104DD775EAD0F0EE5417B, EBA07599FC2D10750CE6372EA6BA94EDDAFFF732223A1135F1971B958A6B57A2 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 13:49:00.0454 0x146c NAUpdate - ok 13:49:00.0532 0x146c [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:49:00.0610 0x146c NDIS - ok 13:49:00.0641 0x146c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:49:00.0719 0x146c NdisCap - ok 13:49:00.0782 0x146c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:49:00.0860 0x146c NdisTapi - ok 13:49:00.0891 0x146c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:49:00.0985 0x146c Ndisuio - ok 13:49:01.0000 0x146c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:49:01.0063 0x146c NdisWan - ok 13:49:01.0078 0x146c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:49:01.0187 0x146c NDProxy - ok 13:49:01.0187 0x146c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:49:01.0265 0x146c NetBIOS - ok 13:49:01.0281 0x146c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:49:01.0375 0x146c NetBT - ok 13:49:01.0390 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe 13:49:01.0421 0x146c Netlogon - ok 13:49:01.0484 0x146c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 13:49:01.0577 0x146c Netman - ok 13:49:01.0671 0x146c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:49:01.0702 0x146c NetMsmqActivator - ok 13:49:01.0733 0x146c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:49:01.0780 0x146c NetPipeActivator - ok 13:49:01.0811 0x146c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 13:49:01.0905 0x146c netprofm - ok 13:49:01.0983 0x146c [ AF5F224A600F50B7D2B77F4AE59C1ABE, 73FDAE8E630BB6BF2C4D92CB80E477914D489482D9DF0B1F932025C9DDFF0C57 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 13:49:02.0061 0x146c netr28x - ok 13:49:02.0077 0x146c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:49:02.0123 0x146c NetTcpActivator - ok 13:49:02.0139 0x146c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:49:02.0170 0x146c NetTcpPortSharing - ok 13:49:02.0389 0x146c [ 82FFC84EC3AFC2F2D38DB880F50157C0, 4D37A44A5BBD3ECA2B29FE8565FC5840093E5BB41D197BEDA406BCE4A7C3479A ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe 13:49:02.0576 0x146c Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 ) 13:49:05.0431 0x146c Detect skipped due to KSN trusted 13:49:05.0431 0x146c Netzmanager Service - ok 13:49:05.0477 0x146c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:49:05.0509 0x146c nfrd960 - ok 13:49:05.0555 0x146c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 13:49:05.0602 0x146c NlaSvc - ok 13:49:05.0633 0x146c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:49:05.0711 0x146c Npfs - ok 13:49:05.0743 0x146c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 13:49:05.0821 0x146c nsi - ok 13:49:05.0821 0x146c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:49:05.0914 0x146c nsiproxy - ok 13:49:06.0070 0x146c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:49:06.0195 0x146c Ntfs - ok 13:49:06.0242 0x146c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 13:49:06.0304 0x146c Null - ok 13:49:06.0351 0x146c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:49:06.0382 0x146c nvraid - ok 13:49:06.0398 0x146c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:49:06.0429 0x146c nvstor - ok 13:49:06.0445 0x146c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:49:06.0476 0x146c nv_agp - ok 13:49:06.0491 0x146c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:49:06.0538 0x146c ohci1394 - ok 13:49:06.0585 0x146c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:49:06.0632 0x146c p2pimsvc - ok 13:49:06.0694 0x146c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 13:49:06.0772 0x146c p2psvc - ok 13:49:06.0803 0x146c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 13:49:06.0850 0x146c Parport - ok 13:49:06.0897 0x146c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:49:06.0928 0x146c partmgr - ok 13:49:06.0944 0x146c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:49:06.0991 0x146c PcaSvc - ok 13:49:07.0037 0x146c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 13:49:07.0069 0x146c pci - ok 13:49:07.0100 0x146c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 13:49:07.0115 0x146c pciide - ok 13:49:07.0147 0x146c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:49:07.0178 0x146c pcmcia - ok 13:49:07.0193 0x146c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 13:49:07.0225 0x146c pcw - ok 13:49:07.0271 0x146c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:49:07.0334 0x146c PEAUTH - ok 13:49:07.0427 0x146c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:49:07.0474 0x0910 Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost 13:49:07.0474 0x146c PerfHost - ok 13:49:07.0599 0x146c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 13:49:07.0771 0x146c pla - ok 13:49:07.0849 0x146c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:49:07.0895 0x146c PlugPlay - ok 13:49:07.0911 0x146c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:49:07.0958 0x146c PNRPAutoReg - ok 13:49:07.0989 0x146c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:49:08.0020 0x146c PNRPsvc - ok 13:49:08.0083 0x146c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:49:08.0192 0x146c PolicyAgent - ok 13:49:08.0207 0x146c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 13:49:08.0301 0x146c Power - ok 13:49:08.0363 0x146c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:49:08.0441 0x146c PptpMiniport - ok 13:49:08.0488 0x146c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 13:49:08.0519 0x146c Processor - ok 13:49:08.0582 0x146c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 13:49:08.0644 0x146c ProfSvc - ok 13:49:08.0691 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:49:08.0722 0x146c ProtectedStorage - ok 13:49:08.0738 0x146c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:49:08.0831 0x146c Psched - ok 13:49:08.0894 0x146c [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys 13:49:08.0925 0x146c PSI - ok 13:49:08.0956 0x146c [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 13:49:08.0987 0x146c PxHlpa64 - ok 13:49:09.0097 0x146c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:49:09.0221 0x146c ql2300 - ok 13:49:09.0253 0x146c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:49:09.0284 0x146c ql40xx - ok 13:49:09.0331 0x146c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 13:49:09.0393 0x146c QWAVE - ok 13:49:09.0424 0x146c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:49:09.0471 0x146c QWAVEdrv - ok 13:49:09.0487 0x146c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:49:09.0549 0x146c RasAcd - ok 13:49:09.0596 0x146c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:49:09.0674 0x146c RasAgileVpn - ok 13:49:09.0705 0x146c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 13:49:09.0799 0x146c RasAuto - ok 13:49:09.0845 0x146c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:49:09.0955 0x146c Rasl2tp - ok 13:49:09.0986 0x146c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 13:49:10.0064 0x146c RasMan - ok 13:49:10.0095 0x146c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:49:10.0173 0x146c RasPppoe - ok 13:49:10.0204 0x146c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:49:10.0282 0x146c RasSstp - ok 13:49:10.0313 0x146c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:49:10.0407 0x146c rdbss - ok 13:49:10.0438 0x146c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 13:49:10.0469 0x146c rdpbus - ok 13:49:10.0485 0x146c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:49:10.0579 0x146c RDPCDD - ok 13:49:10.0594 0x146c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:49:10.0672 0x146c RDPENCDD - ok 13:49:10.0672 0x146c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:49:10.0766 0x146c RDPREFMP - ok 13:49:10.0844 0x146c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:49:10.0891 0x146c RdpVideoMiniport - ok 13:49:10.0937 0x146c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:49:10.0984 0x146c RDPWD - ok 13:49:11.0015 0x146c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:49:11.0047 0x146c rdyboost - ok 13:49:11.0078 0x146c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:49:11.0171 0x146c RemoteAccess - ok 13:49:11.0203 0x146c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:49:11.0296 0x146c RemoteRegistry - ok 13:49:11.0327 0x146c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:49:11.0437 0x146c RpcEptMapper - ok 13:49:11.0468 0x146c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 13:49:11.0499 0x146c RpcLocator - ok 13:49:11.0515 0x0910 Object send P2P result: true 13:49:11.0546 0x146c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 13:49:11.0655 0x146c RpcSs - ok 13:49:11.0702 0x146c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:49:11.0780 0x146c rspndr - ok 13:49:11.0858 0x146c [ E50CFB92986DCAB49DE93788FD695813, EAE103008B967B0F064EDDA551AA553EE7C22D39D14FA0BBFEF41C4D1B6C99E5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 13:49:11.0905 0x146c RTL8167 - ok 13:49:11.0936 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe 13:49:11.0951 0x146c SamSs - ok 13:49:11.0983 0x146c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:49:12.0014 0x146c sbp2port - ok 13:49:12.0061 0x146c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:49:12.0139 0x146c SCardSvr - ok 13:49:12.0154 0x146c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:49:12.0232 0x146c scfilter - ok 13:49:12.0326 0x146c [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 13:49:12.0435 0x146c Schedule - ok 13:49:12.0482 0x146c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:49:12.0544 0x146c SCPolicySvc - ok 13:49:12.0591 0x146c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:49:12.0638 0x146c SDRSVC - ok 13:49:12.0685 0x146c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:49:12.0716 0x146c secdrv - ok 13:49:12.0716 0x146c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 13:49:12.0794 0x146c seclogon - ok 13:49:12.0981 0x146c [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 13:49:13.0059 0x146c Secunia PSI Agent - ok 13:49:13.0153 0x146c [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 13:49:13.0215 0x146c Secunia Update Agent - ok 13:49:13.0231 0x146c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 13:49:13.0324 0x146c SENS - ok 13:49:13.0355 0x146c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:49:13.0387 0x146c SensrSvc - ok 13:49:13.0433 0x146c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:49:13.0480 0x146c Serenum - ok 13:49:13.0496 0x146c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 13:49:13.0543 0x146c Serial - ok 13:49:13.0558 0x146c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:49:13.0589 0x146c sermouse - ok 13:49:13.0652 0x146c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 13:49:13.0730 0x146c SessionEnv - ok 13:49:13.0745 0x146c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:49:13.0777 0x146c sffdisk - ok 13:49:13.0777 0x146c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:49:13.0823 0x146c sffp_mmc - ok 13:49:13.0823 0x146c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:49:13.0870 0x146c sffp_sd - ok 13:49:13.0886 0x146c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:49:13.0901 0x146c sfloppy - ok 13:49:13.0964 0x146c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:49:14.0073 0x146c SharedAccess - ok 13:49:14.0104 0x146c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:49:14.0229 0x146c ShellHWDetection - ok 13:49:14.0260 0x146c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:49:14.0291 0x146c SiSRaid2 - ok 13:49:14.0291 0x146c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:49:14.0323 0x146c SiSRaid4 - ok 13:49:14.0338 0x146c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:49:14.0432 0x146c Smb - ok 13:49:14.0463 0x146c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:49:14.0510 0x146c SNMPTRAP - ok 13:49:14.0541 0x146c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 13:49:14.0557 0x146c spldr - ok 13:49:14.0619 0x146c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 13:49:14.0697 0x146c Spooler - ok 13:49:14.0900 0x146c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 13:49:15.0212 0x146c sppsvc - ok 13:49:15.0243 0x146c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:49:15.0321 0x146c sppuinotify - ok 13:49:15.0368 0x146c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:49:15.0415 0x146c srv - ok 13:49:15.0461 0x146c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:49:15.0524 0x146c srv2 - ok 13:49:15.0539 0x146c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:49:15.0571 0x146c srvnet - ok 13:49:15.0633 0x146c [ ED161B91FDF7EAA39469D72D463D5F4E, FC793E378FB709313D0AC44F59BF5C9488D73235AA2B1A21C50C3DED91C6BE62 ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 13:49:15.0649 0x146c sscdbus - ok 13:49:15.0695 0x146c [ 4CB09E77593DBD8D7AF33B37375CA715, 7B14851A8EDAA996D28335FD4DA812C6114DD5012E1E929F4813797CDC77E5BC ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 13:49:15.0711 0x146c sscdmdfl - ok 13:49:15.0758 0x146c [ C7B4CF53497A6E5363F3439427663882, 993278ADAAC18F12FE00CCF76681461451DA335F67BB581FC7326045048EC085 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 13:49:15.0789 0x146c sscdmdm - ok 13:49:15.0820 0x146c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:49:15.0898 0x146c SSDPSRV - ok 13:49:15.0914 0x146c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:49:15.0992 0x146c SstpSvc - ok 13:49:16.0007 0x146c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:49:16.0039 0x146c stexstor - ok 13:49:16.0117 0x146c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 13:49:16.0195 0x146c stisvc - ok 13:49:16.0226 0x146c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 13:49:16.0257 0x146c swenum - ok 13:49:16.0288 0x146c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 13:49:16.0397 0x146c swprv - ok 13:49:16.0507 0x146c [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 13:49:16.0647 0x146c SysMain - ok 13:49:16.0678 0x146c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:49:16.0741 0x146c TabletInputService - ok 13:49:16.0756 0x146c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 13:49:16.0865 0x146c TapiSrv - ok 13:49:16.0897 0x146c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 13:49:16.0959 0x146c TBS - ok 13:49:17.0115 0x146c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:49:17.0271 0x146c Tcpip - ok 13:49:17.0380 0x146c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:49:17.0505 0x146c TCPIP6 - ok 13:49:17.0552 0x146c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:49:17.0583 0x146c tcpipreg - ok 13:49:17.0630 0x146c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:49:17.0661 0x146c TDPIPE - ok 13:49:17.0708 0x146c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:49:17.0739 0x146c TDTCP - ok 13:49:17.0786 0x146c [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:49:17.0817 0x146c tdx - ok 13:49:17.0895 0x146c [ 4283D7125BA4BD0CB50BB0F78B54257A, A9DBFC45CDF7444BA7AD92734E66E3E4F844BF036AC19FD43F915151191F12C5 ] TelekomNM6 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys 13:49:17.0926 0x146c TelekomNM6 - ok 13:49:17.0942 0x146c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 13:49:17.0973 0x146c TermDD - ok 13:49:18.0051 0x146c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 13:49:18.0113 0x146c TermService - ok 13:49:18.0160 0x146c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 13:49:18.0223 0x146c Themes - ok 13:49:18.0254 0x146c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 13:49:18.0332 0x146c THREADORDER - ok 13:49:18.0379 0x146c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 13:49:18.0457 0x146c TrkWks - ok 13:49:18.0535 0x146c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:49:18.0628 0x146c TrustedInstaller - ok 13:49:18.0659 0x146c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:49:18.0691 0x146c tssecsrv - ok 13:49:18.0737 0x146c [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:49:18.0784 0x146c TsUsbFlt - ok 13:49:18.0831 0x146c [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:49:18.0862 0x146c TsUsbGD - ok 13:49:18.0925 0x146c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:49:19.0018 0x146c tunnel - ok 13:49:19.0049 0x146c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:49:19.0081 0x146c uagp35 - ok 13:49:19.0112 0x146c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:49:19.0205 0x146c udfs - ok 13:49:19.0268 0x146c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:49:19.0315 0x146c UI0Detect - ok 13:49:19.0330 0x146c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:49:19.0377 0x146c uliagpkx - ok 13:49:19.0393 0x146c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:49:19.0424 0x146c umbus - ok 13:49:19.0424 0x146c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 13:49:19.0471 0x146c UmPass - ok 13:49:19.0517 0x146c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 13:49:19.0611 0x146c upnphost - ok 13:49:19.0658 0x146c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:49:19.0705 0x146c usbaudio - ok 13:49:19.0736 0x146c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:49:19.0767 0x146c usbccgp - ok 13:49:19.0814 0x146c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:49:19.0845 0x146c usbcir - ok 13:49:19.0876 0x146c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:49:19.0907 0x146c usbehci - ok 13:49:19.0954 0x146c [ 76E2FFAD301490BA27B947C6507752FB, A4C6FC5C3BF428C624D0792873CB01C8F16F49B0E8B36422025A1094F0AAE231 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 13:49:19.0970 0x146c usbfilter - ok 13:49:20.0017 0x146c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:49:20.0048 0x146c usbhub - ok 13:49:20.0079 0x146c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:49:20.0110 0x146c usbohci - ok 13:49:20.0141 0x146c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:49:20.0188 0x146c usbprint - ok 13:49:20.0219 0x146c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys 13:49:20.0266 0x146c usbscan - ok 13:49:20.0297 0x146c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:49:20.0329 0x146c USBSTOR - ok 13:49:20.0344 0x146c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:49:20.0375 0x146c usbuhci - ok 13:49:20.0407 0x146c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 13:49:20.0500 0x146c UxSms - ok 13:49:20.0516 0x146c [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe 13:49:20.0547 0x146c VaultSvc - ok 13:49:20.0578 0x146c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:49:20.0609 0x146c vdrvroot - ok 13:49:20.0656 0x146c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 13:49:20.0750 0x146c vds - ok 13:49:20.0765 0x146c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:49:20.0797 0x146c vga - ok 13:49:20.0812 0x146c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:49:20.0890 0x146c VgaSave - ok 13:49:20.0906 0x146c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:49:20.0937 0x146c vhdmp - ok 13:49:20.0968 0x146c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 13:49:20.0984 0x146c viaide - ok 13:49:20.0999 0x146c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:49:21.0031 0x146c volmgr - ok 13:49:21.0062 0x146c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:49:21.0093 0x146c volmgrx - ok 13:49:21.0124 0x146c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:49:21.0155 0x146c volsnap - ok 13:49:21.0187 0x146c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:49:21.0218 0x146c vsmraid - ok 13:49:21.0327 0x146c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 13:49:21.0499 0x146c VSS - ok 13:49:21.0514 0x146c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:49:21.0561 0x146c vwifibus - ok 13:49:21.0577 0x146c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:49:21.0623 0x146c vwififlt - ok 13:49:21.0639 0x146c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:49:21.0701 0x146c vwifimp - ok 13:49:21.0748 0x146c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 13:49:21.0857 0x146c W32Time - ok 13:49:21.0873 0x146c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:49:21.0904 0x146c WacomPen - ok 13:49:21.0935 0x146c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:49:21.0998 0x146c WANARP - ok 13:49:22.0013 0x146c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:49:22.0091 0x146c Wanarpv6 - ok 13:49:22.0216 0x146c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:49:22.0310 0x146c WatAdminSvc - ok 13:49:22.0435 0x146c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 13:49:22.0559 0x146c wbengine - ok 13:49:22.0591 0x146c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:49:22.0653 0x146c WbioSrvc - ok 13:49:22.0669 0x146c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:49:22.0747 0x146c wcncsvc - ok 13:49:22.0747 0x146c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:49:22.0793 0x146c WcsPlugInService - ok 13:49:22.0840 0x146c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 13:49:22.0871 0x146c Wd - ok 13:49:22.0934 0x146c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:49:23.0012 0x146c Wdf01000 - ok 13:49:23.0059 0x146c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:49:23.0090 0x146c WdiServiceHost - ok 13:49:23.0105 0x146c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:49:23.0137 0x146c WdiSystemHost - ok 13:49:23.0183 0x146c [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 13:49:23.0246 0x146c WebClient - ok 13:49:23.0261 0x146c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:49:23.0355 0x146c Wecsvc - ok 13:49:23.0371 0x146c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:49:23.0449 0x146c wercplsupport - ok 13:49:23.0480 0x146c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 13:49:23.0573 0x146c WerSvc - ok 13:49:23.0605 0x146c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:49:23.0698 0x146c WfpLwf - ok 13:49:23.0729 0x146c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:49:23.0761 0x146c WIMMount - ok 13:49:23.0792 0x146c WinDefend - ok 13:49:23.0807 0x146c WinHttpAutoProxySvc - ok 13:49:23.0885 0x146c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:49:23.0979 0x146c Winmgmt - ok 13:49:24.0104 0x146c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 13:49:24.0275 0x146c WinRM - ok 13:49:24.0353 0x146c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 13:49:24.0400 0x146c WinUsb - ok 13:49:24.0478 0x146c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:49:24.0556 0x146c Wlansvc - ok 13:49:24.0619 0x146c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 13:49:24.0650 0x146c wlcrasvc - ok 13:49:24.0821 0x146c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:49:24.0977 0x146c wlidsvc - ok 13:49:25.0024 0x146c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:49:25.0071 0x146c WmiAcpi - ok 13:49:25.0118 0x146c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:49:25.0149 0x146c wmiApSrv - ok 13:49:25.0180 0x146c WMPNetworkSvc - ok 13:49:25.0211 0x146c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:49:25.0243 0x146c WPCSvc - ok 13:49:25.0243 0x146c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:49:25.0289 0x146c WPDBusEnum - ok 13:49:25.0305 0x146c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:49:25.0367 0x146c ws2ifsl - ok 13:49:25.0383 0x146c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 13:49:25.0445 0x146c wscsvc - ok 13:49:25.0461 0x146c WSearch - ok 13:49:25.0633 0x146c [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll 13:49:25.0835 0x146c wuauserv - ok 13:49:25.0867 0x146c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:49:25.0913 0x146c WudfPf - ok 13:49:25.0960 0x146c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:49:25.0991 0x146c WUDFRd - ok 13:49:26.0023 0x146c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:49:26.0069 0x146c wudfsvc - ok 13:49:26.0116 0x146c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 13:49:26.0163 0x146c WwanSvc - ok 13:49:26.0194 0x146c ================ Scan global =============================== 13:49:26.0225 0x146c [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 13:49:26.0272 0x146c [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 13:49:26.0303 0x146c [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 13:49:26.0350 0x146c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 13:49:26.0381 0x146c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 13:49:26.0413 0x146c [ Global ] - ok 13:49:26.0413 0x146c ================ Scan MBR ================================== 13:49:26.0428 0x146c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:49:26.0881 0x146c \Device\Harddisk0\DR0 - ok 13:49:26.0881 0x146c ================ Scan VBR ================================== 13:49:26.0896 0x146c [ B429AB437F07FD06CB6687A65FCBB52A ] \Device\Harddisk0\DR0\Partition1 13:49:26.0896 0x146c \Device\Harddisk0\DR0\Partition1 - ok 13:49:26.0912 0x146c [ B21C11041AF2E8846E1AA579FAAFE700 ] \Device\Harddisk0\DR0\Partition2 13:49:26.0927 0x146c \Device\Harddisk0\DR0\Partition2 - ok 13:49:26.0927 0x146c [ E8527014C9416DC6C0AAAC4E218ABA17 ] \Device\Harddisk0\DR0\Partition3 13:49:26.0943 0x146c \Device\Harddisk0\DR0\Partition3 - ok 13:49:26.0943 0x146c ================ Scan generic autorun ====================== 13:49:27.0614 0x146c [ B70154747BEB45DAAB358C802F7A9142, 00AD5A8EE5FEDF8D97D6D623362282AEAF8684776D370705659E8526D1E7B57C ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 13:49:28.0207 0x146c RtHDVCpl - ok 13:49:28.0347 0x146c [ BB7481A1306823D1B6592263F1AB8DD7, 2D48A5DD217D81E99D134580721A1BC65EEFFB22FE9D2C03EAA3D9879F86A5D5 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 13:49:28.0394 0x146c AdobeAAMUpdater-1.0 - ok 13:49:28.0487 0x146c [ 7C3218CE118044136BF3FFD00755A70C, 1A0E428314787442D82B6255BEFE63EBC35AAF793CE753BA876A58AA0D4C0AB6 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 13:49:28.0519 0x146c StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 13:49:31.0373 0x146c Detect skipped due to KSN trusted 13:49:31.0373 0x146c StartCCC - ok 13:49:31.0483 0x146c [ 278C64B644C224B28E601381103811A6, FF80C2DCDBB6954C84223B01B430A3A250A3937E6A77AD63627C1BDD94E86C6B ] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe 13:49:31.0545 0x146c Hotkey Utility - ok 13:49:31.0623 0x146c [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe 13:49:31.0654 0x146c PDFPrint - ok 13:49:31.0935 0x146c [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 13:49:31.0997 0x146c avgnt - ok 13:49:32.0075 0x146c [ A8E69DA21AEEB9DAA55D90E87AC1A549, 175AF750A1DF53555D0CB6C61312CEE37E2CB182873041A8AE38C57EA01DC2F5 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe 13:49:32.0122 0x146c Avira SystrayStartTrigger - ok 13:49:32.0309 0x146c [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe 13:49:32.0372 0x146c WinPatrol - ok 13:49:32.0387 0x146c Waiting for KSN requests completion. In queue: 196 13:49:33.0401 0x146c Waiting for KSN requests completion. In queue: 196 13:49:34.0415 0x146c Waiting for KSN requests completion. In queue: 5 13:49:35.0523 0x146c AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 13:49:35.0554 0x146c Win FW state via NFP2: enabled ( trusted ) 13:49:38.0503 0x146c ============================================================ 13:49:38.0503 0x146c Scan finished 13:49:38.0503 0x146c ============================================================ 13:49:38.0534 0x14bc Detected object count: 0 13:49:38.0534 0x14bc Actual detected object count: 0 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.11.23.02 rootkit: v2015.11.22.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18097 Neagu :: NEAGU-PC [administrator] 23.11.2015 13:02:16 mbar-log-2015-11-23 (13-02-16).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 362288 Time elapsed: 40 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
23.11.2015, 19:39 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Interpol-Trojaner ohne Sperrschirm hi, Scan mit Combofix
__________________ --> Windows 7: Interpol-Trojaner ohne Sperrschirm |
27.11.2015, 10:42 | #7 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Hi schrauber, hier hast du die Combofix-Log: Code:
ATTFilter ComboFix 15-11-27.01 - Neagu 27.11.2015 9:34.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3576.2035 [GMT 1:00] ausgeführt von:: c:\users\Neagu\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Neagu\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2015-10-27 bis 2015-11-27 )))))))))))))))))))))))))))))) . . 2015-11-25 17:38 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB0FCD6D-EB55-4E14-801B-C81802206CD7}\mpengine.dll 2015-11-19 11:40 . 2015-11-19 11:45 -------- d-----w- C:\FRST 2015-11-14 16:54 . 2015-10-30 23:29 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll 2015-11-14 16:53 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-11-14 16:52 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys 2015-11-14 16:52 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys 2015-11-14 16:52 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys 2015-11-14 16:52 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-11-23 12:01 . 2014-06-18 13:25 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-11-23 12:00 . 2014-06-18 13:24 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-11-15 16:04 . 2013-06-04 07:44 145617392 ----a-w- c:\windows\system32\MRT.exe 2015-11-13 17:02 . 2012-06-26 06:32 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-11-13 17:02 . 2011-10-24 08:19 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-10-29 17:50 . 2015-11-14 16:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2015-10-29 17:50 . 2015-11-14 16:55 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-10-29 17:50 . 2015-11-14 16:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2015-10-29 17:50 . 2015-11-14 16:55 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-10-29 17:49 . 2015-11-14 16:55 562176 ----a-w- c:\windows\apppatch\AcLayers.dll 2015-10-29 17:49 . 2015-11-14 16:55 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-10-29 17:49 . 2015-11-14 16:55 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-10-29 17:49 . 2015-11-14 16:55 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2015-10-29 17:39 . 2015-11-14 16:55 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-10-20 00:45 . 2015-11-14 16:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-10-16 17:42 . 2015-03-20 09:36 74952 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-10-16 17:42 . 2015-03-20 09:36 163544 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-10-05 07:50 . 2014-06-18 13:24 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-10-05 07:50 . 2013-11-21 13:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-10-01 18:06 . 2015-10-14 09:48 692672 ----a-w- c:\windows\system32\winload.efi 2015-10-01 18:04 . 2015-10-14 09:48 616360 ----a-w- c:\windows\system32\winresume.efi 2015-10-01 18:00 . 2015-10-14 09:48 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-10-01 18:00 . 2015-10-14 09:48 59392 ----a-w- c:\windows\system32\appidapi.dll 2015-10-01 18:00 . 2015-10-14 09:48 32768 ----a-w- c:\windows\system32\appidsvc.dll 2015-10-01 18:00 . 2015-10-14 09:48 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-10-01 18:00 . 2015-10-14 09:48 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-10-01 17:50 . 2015-10-14 09:48 50688 ----a-w- c:\windows\SysWow64\appidapi.dll 2015-10-01 17:00 . 2015-10-14 09:48 61440 ----a-w- c:\windows\system32\drivers\appid.sys 2015-09-18 19:22 . 2015-10-15 13:57 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-09-18 19:19 . 2015-10-15 13:57 700416 ----a-w- c:\windows\system32\invagent.dll 2015-09-18 19:19 . 2015-10-15 13:57 766464 ----a-w- c:\windows\system32\generaltel.dll 2015-09-18 19:19 . 2015-10-15 13:57 503808 ----a-w- c:\windows\system32\devinv.dll 2015-09-18 19:19 . 2015-10-15 13:57 73216 ----a-w- c:\windows\system32\acmigration.dll 2015-09-18 19:19 . 2015-10-15 13:57 1291264 ----a-w- c:\windows\system32\appraiser.dll 2015-09-18 19:09 . 2015-10-15 13:57 1163776 ----a-w- c:\windows\system32\aeinv.dll 2015-09-02 03:04 . 2015-09-09 16:09 41984 ----a-w- c:\windows\system32\lpk.dll 2015-09-02 03:04 . 2015-09-09 16:09 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-09-02 03:04 . 2015-09-09 16:09 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-09-02 03:04 . 2015-09-09 16:09 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-09-02 02:48 . 2015-09-09 16:09 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-09-02 02:48 . 2015-09-09 16:09 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-09-02 02:48 . 2015-09-09 16:09 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-09-02 02:47 . 2015-09-09 16:09 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-09-02 01:47 . 2015-09-09 16:09 372736 ----a-w- c:\windows\system32\atmfd.dll 2015-09-02 01:33 . 2015-09-09 16:09 299520 ----a-w- c:\windows\SysWow64\atmfd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-10-16 782520] "Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-10-14 66320] . c:\users\Neagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2012-7-20 14134784] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 17:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll TCP: DhcpNameServer = 192.168.2.1 Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll FF - ProfilePath - c:\users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-11-27 10:05:47 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-11-27 09:05 . Vor Suchlauf: 12 Verzeichnis(se), 21.086.081.024 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 20.850.102.272 Bytes frei . - - End Of File - - 7DFBD92B318A649419650160F8A736ED A36C5E4F47E84449FF07ED3517B43A31 |
27.11.2015, 23:50 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Interpol-Trojaner ohne Sperrschirm Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.12.2015, 12:26 | #9 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Hallo schrauber, hier die gewünschten Logs: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 04.12.2015 Suchlaufzeit: 14:18 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.04.02 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Neagu Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 360413 Abgelaufene Zeit: 26 Min., 35 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 04/12/2015 um 14:57:10 # Aktualisiert am 30/11/2015 von Xplode # Datenbank : 2015-12-03.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Neagu - NEAGU-PC # Gestartet von : C:\Users\Neagu\Desktop\AdwCleaner_5.023.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}] [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5 [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20 [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5 [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739 ***** [ Internetbrowser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2642 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 7 Home Premium x64 Ran by Neagu (Administrator) on 06.12.2015 at 12:11:14,53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Users\Neagu\AppData\Local\{7184E7AA-B756-4EE0-BFE6-72F7FCCE251F} (Empty Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.12.2015 at 12:16:19,76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015 durchgeführt von Neagu (Administrator) auf NEAGU-PC (06-12-2015 12:21:46) Gestartet von C:\Users\Neagu\Desktop Geladene Profile: Neagu (Verfügbare Profile: Neagu) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-11-28] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Neagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2013-08-23] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{71FF24E1-EF5F-4E55-840A-EF01886EBFC7}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2316090547-2145483676-150453018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2316090547-2145483676-150453018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-16] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [Datei ist nicht signiert] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-16] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-06 12:21 - 2015-12-06 12:21 - 00000000 ____D C:\Users\Neagu\Desktop\FRST-OlderVersion 2015-12-06 12:16 - 2015-12-06 12:16 - 00000660 _____ C:\Users\Neagu\Desktop\JRT.txt 2015-12-04 15:02 - 2015-12-04 15:02 - 01599336 _____ (Malwarebytes) C:\Users\Neagu\Desktop\JRT.exe 2015-12-04 14:57 - 2015-12-04 14:57 - 00002757 _____ C:\Users\Neagu\Desktop\AdwCleaner[C1].txt 2015-12-04 14:54 - 2015-12-04 15:00 - 00000000 ____D C:\AdwCleaner 2015-12-04 14:49 - 2015-12-04 14:49 - 01736704 _____ C:\Users\Neagu\Desktop\AdwCleaner_5.023.exe 2015-12-04 14:48 - 2015-12-04 14:48 - 00001210 _____ C:\Users\Neagu\Desktop\mbam.txt 2015-12-01 17:22 - 2015-12-01 17:22 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(3).pdf 2015-12-01 17:21 - 2015-12-01 17:21 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(2).pdf 2015-12-01 17:19 - 2015-12-01 17:19 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(1).pdf 2015-12-01 17:15 - 2015-12-01 17:15 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180.pdf 2015-11-27 10:05 - 2015-11-27 10:05 - 00015603 _____ C:\Users\Neagu\Desktop\ComboFix.txt 2015-11-27 09:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-27 09:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-27 09:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-27 09:29 - 2015-11-27 10:05 - 00000000 ____D C:\Qoobox 2015-11-27 09:25 - 2015-11-27 09:25 - 05639804 ____R (Swearware) C:\Users\Neagu\Desktop\ComboFix.exe 2015-11-23 13:48 - 2015-11-23 13:50 - 00198778 _____ C:\Users\Neagu\Desktop\TDSSKiller.3.1.0.6_23.11.2015_13.48.17_log.txt 2015-11-23 13:44 - 2015-11-23 13:44 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Neagu\Desktop\tdsskiller.exe 2015-11-23 13:41 - 2015-11-23 13:41 - 00002138 _____ C:\Users\Neagu\Desktop\mbar-log-2015-11-23 (13-02-16).txt 2015-11-23 13:00 - 2015-11-23 13:42 - 00000000 ____D C:\Users\Neagu\Desktop\mbar 2015-11-23 12:47 - 2015-11-23 12:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Neagu\Desktop\mbar-1.09.3.1001.exe 2015-11-19 12:42 - 2015-11-19 12:45 - 00032901 _____ C:\Users\Neagu\Desktop\Addition.txt 2015-11-19 12:40 - 2015-12-06 12:21 - 00011813 _____ C:\Users\Neagu\Desktop\FRST.txt 2015-11-19 12:40 - 2015-12-06 12:21 - 00000000 ____D C:\FRST 2015-11-19 12:37 - 2015-12-06 12:21 - 02369024 _____ (Farbar) C:\Users\Neagu\Desktop\FRST64.exe 2015-11-18 14:14 - 2015-11-18 14:14 - 00380416 _____ C:\Users\Neagu\Desktop\Gmer-19357.exe 2015-11-18 14:11 - 2015-11-18 14:11 - 00000000 _____ C:\Users\Neagu\defogger_reenable 2015-11-18 14:09 - 2015-11-18 14:09 - 00050477 _____ C:\Users\Neagu\Desktop\Defogger.exe 2015-11-18 10:51 - 2015-11-18 10:51 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk 2015-11-18 10:51 - 2015-11-18 10:51 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 2015-11-18 10:43 - 2015-11-18 10:43 - 00000000 ____D C:\Users\Neagu\Desktop\OpenOffice 4.1.2 (de) Installation Files 2015-11-18 10:38 - 2015-11-18 10:42 - 164803434 _____ C:\Users\Neagu\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_de.exe 2015-11-14 17:55 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-14 17:55 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-14 17:55 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-14 17:55 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-14 17:55 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-14 17:55 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-14 17:55 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-14 17:55 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-14 17:55 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-14 17:55 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-14 17:55 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-14 17:55 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-14 17:55 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-14 17:55 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-14 17:55 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-14 17:55 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-14 17:55 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-14 17:55 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-14 17:55 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-14 17:55 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-14 17:55 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-14 17:55 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-14 17:55 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-14 17:54 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-14 17:54 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-14 17:54 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-14 17:54 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-14 17:54 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-14 17:54 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-14 17:54 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-14 17:54 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-14 17:54 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-14 17:54 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-14 17:54 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-14 17:54 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-14 17:54 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-14 17:54 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-14 17:54 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-14 17:54 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-14 17:54 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-14 17:54 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-14 17:54 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-14 17:54 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-14 17:54 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-14 17:54 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-14 17:54 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-14 17:54 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-14 17:54 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-14 17:54 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-14 17:54 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-14 17:54 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-14 17:54 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-14 17:54 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-14 17:54 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-14 17:54 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-14 17:54 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-14 17:54 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-14 17:54 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-14 17:54 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-14 17:54 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-14 17:54 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-14 17:54 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-14 17:54 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-14 17:54 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-14 17:54 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-14 17:54 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-14 17:54 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-14 17:54 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-14 17:54 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-14 17:54 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-14 17:54 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-14 17:54 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-14 17:54 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-14 17:54 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-14 17:53 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-14 17:53 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-14 17:53 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-14 17:53 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-14 17:53 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-14 17:53 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-14 17:53 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-14 17:53 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-14 17:53 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-14 17:53 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-14 17:53 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-14 17:53 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-14 17:53 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-14 17:53 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-14 17:53 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-14 17:53 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-14 17:53 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-14 17:53 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-14 17:53 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-14 17:53 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-14 17:53 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-14 17:53 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-14 17:53 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-14 17:53 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-14 17:53 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-14 17:53 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-14 17:53 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-14 17:53 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-14 17:53 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-14 17:53 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-14 17:52 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-14 17:52 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-14 17:52 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-14 17:52 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-14 17:51 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-14 17:51 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-14 17:51 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-09 11:07 - 2015-11-10 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-06 12:21 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2015-12-06 12:12 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-06 12:12 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-06 12:09 - 2012-07-17 07:48 - 00000000 ____D C:\Users\Neagu\AppData\Local\CrashDumps 2015-12-06 12:04 - 2012-06-26 07:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-06 12:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-04 16:47 - 2013-12-02 12:09 - 00190976 ___SH C:\Users\Neagu\Documents\Thumbs.db 2015-12-04 16:46 - 2012-07-04 18:19 - 00019781 _____ C:\Users\Neagu\Documents\Bewerbung Niki.odt 2015-12-04 14:46 - 2014-06-18 14:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-04 14:17 - 2011-10-24 09:22 - 00000000 ____D C:\ProgramData\Temp 2015-12-04 14:16 - 2013-11-28 14:49 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2015-12-01 17:24 - 2012-10-30 18:42 - 00000000 ____D C:\Users\Neagu\Documents\Telekom-Rechnungen 2015-11-27 10:00 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-27 09:49 - 2013-11-20 09:54 - 00000000 ____D C:\Windows\erdnt 2015-11-26 18:19 - 2015-07-02 14:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 13:41 - 2015-03-09 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-23 13:00 - 2014-06-18 14:24 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-18 14:11 - 2012-06-06 14:58 - 00000000 ____D C:\Users\Neagu 2015-11-18 13:57 - 2012-06-06 14:58 - 00067824 _____ C:\Users\Neagu\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-18 13:54 - 2009-07-14 05:45 - 00301992 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-18 10:51 - 2014-03-10 16:13 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2015-11-18 10:36 - 2011-11-23 19:22 - 00699432 _____ C:\Windows\system32\perfh007.dat 2015-11-18 10:36 - 2011-11-23 19:22 - 00149572 _____ C:\Windows\system32\perfc007.dat 2015-11-18 10:36 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-18 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-15 17:16 - 2013-08-07 13:19 - 00000000 ____D C:\Windows\system32\MRT 2015-11-15 17:04 - 2013-06-04 08:44 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-14 19:57 - 2013-11-28 14:33 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-14 19:56 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-13 18:02 - 2012-06-26 07:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-13 18:02 - 2012-06-26 07:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-13 18:02 - 2011-10-24 09:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-10 21:18 - 2015-03-20 10:31 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-10 17:30 - 2015-09-05 14:54 - 00001150 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-11-10 17:30 - 2015-03-20 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-10 17:15 - 2013-05-11 15:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-07-17 11:40 - 2014-07-17 11:40 - 0004608 _____ () C:\Users\Neagu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\Neagu\AppData\Local\Temp\avgnt.exe C:\Users\Neagu\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2014-01-03 15:59 ==================== Ende von FRST.txt ============================ |
07.12.2015, 16:13 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Interpol-Trojaner ohne SperrschirmESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.12.2015, 14:38 | #11 |
| Windows 7: Interpol-Trojaner ohne Sperrschirm Hallo schrauber, ich bitte vielmals um Entschuldigung, aber ich konnte in letzter Zeit leider nicht viel Zeit an dem entsprechenden PC verbringen, zumal der ESET-Scan auch sehr lange gedauert hat. Hier sind nun aber die Logs: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=init # utc_time=2015-12-14 11:36:39 # local_time=2015-12-14 12:36:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27185 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=updated # utc_time=2015-12-14 11:39:41 # local_time=2015-12-14 12:39:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # engine=27185 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-14 02:11:01 # local_time=2015-12-14 03:11:01 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 693628 201732111 0 0 # scanned=92555 # found=0 # cleaned=0 # scan_time=9079 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=init # utc_time=2015-12-18 11:18:21 # local_time=2015-12-18 12:18:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27257 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=updated # utc_time=2015-12-18 11:21:20 # local_time=2015-12-18 12:21:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # engine=27257 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-18 03:18:19 # local_time=2015-12-18 04:18:19 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1046866 202081749 0 0 # scanned=239506 # found=0 # cleaned=0 # scan_time=14218 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=init # utc_time=2015-12-22 09:19:31 # local_time=2015-12-22 10:19:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27312 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=updated # utc_time=2015-12-22 09:20:34 # local_time=2015-12-22 10:20:34 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # engine=27312 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-22 01:58:07 # local_time=2015-12-22 02:58:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1384053 202422536 0 0 # scanned=231307 # found=0 # cleaned=0 # scan_time=16651 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=init # utc_time=2015-12-23 07:50:52 # local_time=2015-12-23 08:50:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27327 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # end=updated # utc_time=2015-12-23 07:51:54 # local_time=2015-12-23 08:51:54 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b4b36fe435ad0d4b8a13af9f8fe9ce94 # engine=27327 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-23 12:25:34 # local_time=2015-12-23 01:25:34 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1464901 202503384 0 0 # scanned=240039 # found=0 # cleaned=0 # scan_time=16420 Code:
ATTFilter Results of screen317's Security Check version 1.009 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.2 Secunia PSI (3.0.0.9015) Adobe Flash Player 20.0.0.235 Mozilla Firefox (43.0.1) ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Avira Antivirus sched.exe Avira Antivirus avshadow.exe Ruiware WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015 durchgeführt von Neagu (Administrator) auf NEAGU-PC (23-12-2015 14:27:45) Gestartet von C:\Users\Neagu\Desktop Geladene Profile: Neagu (Verfügbare Profile: Neagu) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe () C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14408 2015-12-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2316090547-2145483676-150453018-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-12-06] ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-12-06] ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-11-28] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Neagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2013-08-23] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{71FF24E1-EF5F-4E55-840A-EF01886EBFC7}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{80667AD8-0D14-484D-A38D-134BE91BA980}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2316090547-2145483676-150453018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2316090547-2145483676-150453018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-12-06] (McAfee) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-12-06] (McAfee) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-12-06] (McAfee) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-12-06] (McAfee) Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Toolbar: HKU\S-1-5-21-2316090547-2145483676-150453018-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09] FF Extension: McAfee SafeKey - C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-12-06] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Neagu\AppData\Roaming\Mozilla\Firefox\Profiles\djoya4xo.default-1426496015576\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-11-20] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-11-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-11-20] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-11-20] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [Datei ist nicht signiert] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24216 2015-12-16] (Avira Operations GmbH & Co. KG) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-11-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-11-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-11-20] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-11-20] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 14:26 - 2015-12-23 14:26 - 00000863 _____ C:\Users\Neagu\Desktop\checkup.txt 2015-12-23 14:19 - 2015-12-23 14:19 - 00852720 _____ C:\Users\Neagu\Desktop\SecurityCheck.exe 2015-12-20 18:01 - 2015-12-21 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-18 12:10 - 2015-12-18 12:10 - 00001227 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk 2015-12-17 19:58 - 2015-12-17 19:58 - 00000000 ____D C:\Windows\SysWOW64\IPM 2015-12-17 19:45 - 2015-12-17 19:45 - 00002532 ____N C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk 2015-12-17 17:31 - 2015-12-20 20:05 - 00000176 _____ C:\Windows\wininit.ini 2015-12-14 12:36 - 2015-12-14 12:36 - 00000000 ____D C:\Program Files (x86)\ESET 2015-12-14 12:31 - 2015-12-14 12:31 - 02870984 _____ (ESET) C:\Users\Neagu\Desktop\esetsmartinstaller_deu.exe 2015-12-09 18:12 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 18:12 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 18:12 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 18:12 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 18:12 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 18:12 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 18:12 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 18:12 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-09 18:12 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 18:12 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 18:12 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 18:12 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 18:12 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 18:11 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 18:11 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 18:11 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 18:11 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 18:11 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 18:11 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 18:11 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 18:11 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 18:11 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 18:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 18:11 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 18:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 18:11 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 18:11 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 18:11 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 18:11 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 18:11 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 18:11 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 18:11 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 18:11 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 18:11 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 18:11 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 18:11 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 18:11 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 18:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 18:11 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 18:11 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 18:11 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 18:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 18:11 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 18:11 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 18:11 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 18:11 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 18:11 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 18:11 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 18:11 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 18:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 18:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 18:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 18:11 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 18:11 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 18:11 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 18:11 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 18:11 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 18:11 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 18:11 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 18:11 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 18:11 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 18:11 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 18:11 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 18:11 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 18:11 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 18:11 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 18:11 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 18:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 18:11 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 18:11 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 18:11 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 18:11 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 18:11 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 18:11 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 18:11 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 18:11 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 18:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 18:11 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 18:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 18:11 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 18:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 18:11 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 18:11 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 18:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 18:11 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 18:11 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 18:11 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 18:11 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 18:11 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 18:11 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 18:11 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-09 18:11 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 18:11 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 18:11 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 18:11 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 18:11 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 18:11 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 18:11 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-12-09 18:11 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-12-09 18:11 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-09 18:10 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 18:10 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-06 14:41 - 2015-12-06 14:41 - 00000000 ____D C:\Users\Neagu\AppData\Roaming\Avira 2015-12-06 14:38 - 2015-12-18 12:07 - 00003344 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray 2015-12-06 14:37 - 2015-12-06 14:39 - 00000000 ____D C:\Users\Public\Speedup Sessions 2015-12-06 14:37 - 2015-12-06 14:37 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task 2015-12-06 14:34 - 2015-11-20 15:35 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-12-06 14:34 - 2015-11-20 15:35 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-12-06 14:34 - 2015-11-20 15:35 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-12-06 14:34 - 2015-11-20 15:35 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-12-06 14:28 - 2015-12-18 18:36 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-06 14:28 - 2015-12-18 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-12-06 14:28 - 2015-12-18 12:09 - 00001150 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-12-06 14:28 - 2015-12-18 12:04 - 00000000 ____D C:\Program Files (x86)\Avira 2015-12-06 14:28 - 2015-12-06 14:28 - 04588512 _____ (Avira Operations GmbH & Co. KG) C:\Users\Neagu\Downloads\avira_de_av_566435ac17b49__ws.exe 2015-12-06 14:12 - 2015-12-06 14:12 - 00000000 ____D C:\Users\Neagu\AppData\LocalLow\SafeKeytmp 2015-12-06 14:12 - 2015-12-06 14:12 - 00000000 ____D C:\Users\Neagu\AppData\LocalLow\SafeKeylang 2015-12-06 14:06 - 2015-12-16 18:37 - 00000000 ____D C:\Users\Neagu\AppData\LocalLow\SafeKey 2015-12-06 14:06 - 2015-12-06 14:12 - 00000000 ____D C:\Program Files (x86)\SafeKey 2015-12-06 14:06 - 2015-12-06 14:06 - 26065144 _____ (McAfee, Inc.) C:\Users\Neagu\Downloads\mcafee_safekey.exe 2015-12-06 12:21 - 2015-12-23 14:27 - 00000000 ____D C:\Users\Neagu\Desktop\FRST-OlderVersion 2015-12-06 12:16 - 2015-12-06 12:16 - 00000660 _____ C:\Users\Neagu\Desktop\JRT.txt 2015-12-04 15:02 - 2015-12-04 15:02 - 01599336 _____ (Malwarebytes) C:\Users\Neagu\Desktop\JRT.exe 2015-12-04 14:57 - 2015-12-04 14:57 - 00002757 _____ C:\Users\Neagu\Desktop\AdwCleaner[C1].txt 2015-12-04 14:54 - 2015-12-04 15:00 - 00000000 ____D C:\AdwCleaner 2015-12-04 14:49 - 2015-12-04 14:49 - 01736704 _____ C:\Users\Neagu\Desktop\AdwCleaner_5.023.exe 2015-12-04 14:48 - 2015-12-04 14:48 - 00001210 _____ C:\Users\Neagu\Desktop\mbam.txt 2015-12-01 17:22 - 2015-12-01 17:22 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(3).pdf 2015-12-01 17:21 - 2015-12-01 17:21 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(2).pdf 2015-12-01 17:19 - 2015-12-01 17:19 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180(1).pdf 2015-12-01 17:15 - 2015-12-01 17:15 - 00149628 _____ C:\Users\Neagu\Downloads\2015_12rechnung_4885817180.pdf 2015-11-27 10:05 - 2015-11-27 10:05 - 00015603 _____ C:\Users\Neagu\Desktop\ComboFix.txt 2015-11-27 09:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-27 09:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-27 09:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-27 09:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-27 09:29 - 2015-11-27 10:05 - 00000000 ____D C:\Qoobox 2015-11-27 09:25 - 2015-11-27 09:25 - 05639804 ____R (Swearware) C:\Users\Neagu\Desktop\ComboFix.exe 2015-11-23 13:48 - 2015-11-23 13:50 - 00198778 _____ C:\Users\Neagu\Desktop\TDSSKiller.3.1.0.6_23.11.2015_13.48.17_log.txt 2015-11-23 13:44 - 2015-11-23 13:44 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Neagu\Desktop\tdsskiller.exe 2015-11-23 13:41 - 2015-11-23 13:41 - 00002138 _____ C:\Users\Neagu\Desktop\mbar-log-2015-11-23 (13-02-16).txt 2015-11-23 13:00 - 2015-11-23 13:42 - 00000000 ____D C:\Users\Neagu\Desktop\mbar 2015-11-23 12:47 - 2015-11-23 12:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Neagu\Desktop\mbar-1.09.3.1001.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-23 14:27 - 2015-11-19 12:40 - 00014933 _____ C:\Users\Neagu\Desktop\FRST.txt 2015-12-23 14:27 - 2015-11-19 12:40 - 00000000 ____D C:\FRST 2015-12-23 14:27 - 2015-11-19 12:37 - 02370560 _____ (Farbar) C:\Users\Neagu\Desktop\FRST64.exe 2015-12-23 14:02 - 2012-06-26 07:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-23 09:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-23 09:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-23 08:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-21 17:52 - 2013-12-02 12:09 - 00190976 ___SH C:\Users\Neagu\Documents\Thumbs.db 2015-12-21 17:51 - 2012-07-04 18:19 - 00019811 _____ C:\Users\Neagu\Documents\Bewerbung Niki.odt 2015-12-21 16:47 - 2013-05-11 15:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-18 16:20 - 2015-04-08 15:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-12-18 16:20 - 2015-04-08 15:03 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-17 19:45 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-12-17 19:43 - 2011-10-24 08:09 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-12-17 19:42 - 2012-06-07 18:42 - 00000000 ____D C:\Users\Neagu\AppData\Local\Microsoft Games 2015-12-17 17:31 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2015-12-14 17:37 - 2013-11-10 17:13 - 00001969 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2015-12-11 18:02 - 2012-06-26 07:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-11 18:02 - 2012-06-26 07:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-11 18:02 - 2011-10-24 09:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-09 19:43 - 2009-07-14 05:45 - 00302768 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-09 19:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-09 19:28 - 2013-03-13 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-09 19:26 - 2013-03-13 12:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-09 19:26 - 2013-03-13 12:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-09 19:22 - 2013-08-07 13:19 - 00000000 ____D C:\Windows\system32\MRT 2015-12-09 19:14 - 2013-06-04 08:44 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-06 17:29 - 2012-06-06 14:58 - 00068224 _____ C:\Users\Neagu\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-06 14:38 - 2012-08-08 12:47 - 00000000 ____D C:\ProgramData\Avira 2015-12-06 12:09 - 2012-07-17 07:48 - 00000000 ____D C:\Users\Neagu\AppData\Local\CrashDumps 2015-12-04 14:46 - 2014-06-18 14:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-04 14:17 - 2011-10-24 09:22 - 00000000 ____D C:\ProgramData\Temp 2015-12-04 14:16 - 2013-11-28 14:49 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2015-12-01 17:24 - 2012-10-30 18:42 - 00000000 ____D C:\Users\Neagu\Documents\Telekom-Rechnungen 2015-11-27 10:00 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-27 09:49 - 2013-11-20 09:54 - 00000000 ____D C:\Windows\erdnt 2015-11-26 18:19 - 2015-07-02 14:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 13:41 - 2015-03-09 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-23 13:00 - 2014-06-18 14:24 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-12-06 14:12 - 2015-12-06 14:12 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-07-17 11:40 - 2014-07-17 11:40 - 0004608 _____ () C:\Users\Neagu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\Neagu\AppData\Local\Temp\avgnt.exe C:\Users\Neagu\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2014-01-03 15:59 ==================== Ende von FRST.txt ============================ |
Themen zu Windows 7: Interpol-Trojaner ohne Sperrschirm |
appdata, autostart, bytes, c:\windows, code, device, dienst, eingefangen, erkannt, files, gen, harddisk, hilfe!, hotkey, kostenlose, malwarebytes, registry, scan, starten, system, temp, websites, windows, windows 7, winpatrol |