Log Analysis and Evaluation: Fraud through internet purchases: malware present despite Kaspersky? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.01.2016, 18:44 | #1 |
Fraud through internet purchases: malware present despite Kaspersky?

Hello dear helpers, I am currently being hit by a series of frauds involving internet purchases. My eBay account and email address were hacked, and in the course of that an expensive item was sold, the money and the emails were redirected, and no goods were shipped (all under my name). Then yesterday came the next order, amounting to €900, at an online shop. Goods to a parcel shop, invoice to me. Since I use Kaspersky Internet Security and a scan found nothing, I now fear an undetected piece of malware. As described in your instructions, I am posting the censored log files below. Many thanks in advance for your help.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
durchgeführt von ***** (Administrator) auf AIRCAN (21-01-2016 18:22:18)
Gestartet von C:\Users\*****\Desktop
Geladene Profile: ***** & UpdatusUser (Verfügbare Profile: ***** & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2011-03-16] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [TVgenial] => "C:\Program Files (x86)\TVgenial5\TVgenial.exe" -d
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [] => [X]
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\office16\lync.exe [22496448 2016-01-16] (Microsoft Corporation)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\MountPoints2: {a721febb-4776-11e2-8bde-00158315a310} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4096825229-3460207125-1897423740-1001\$81b84ae0a730a45d99d5c8e57cc9de9b\n. ACHTUNG
HKU\S-1-5-21-4096825229-3460207125-1897423740-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-4096825229-3460207125-1897423740-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [453152 2009-12-24] ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-01-16]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{00C56E12-8C89-4B2C-B0BC-15642B558B78}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-4096825229-3460207125-1897423740-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4096825229-3460207125-1897423740-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-16] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-01-16] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-16] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.spiegel.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4096825229-3460207125-1897423740-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Extension: AutoCopy 2 - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\autocopy2@teo.pl.xpi [2015-05-31]
FF Extension: Tab Mix Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-01-18]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\https-everywhere-eff@eff.org [2016-01-18]
FF Extension: YouTube mp3 - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\Extensions\info@youtube-mp3.org.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [ist nicht signiert]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-01-29] <==== ACHTUNG

Chrome:
=======
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google Cast) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-11]
CHR Extension: (Google Tabellen) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-01-11]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]
CHR Extension: (Anti-Banner) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-11]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [Datei ist nicht signiert]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
S3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2014-01-31] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-21 18:22 - 2016-01-21 18:23 - 00028785 _____ C:\Users\*****\Desktop\FRST.txt
2016-01-21 18:22 - 2016-01-21 18:22 - 00000000 ____D C:\FRST
2016-01-21 18:20 - 2016-01-21 18:20 - 02370560 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2016-01-20 21:08 - 2016-01-20 21:08 - 00682615 _____ C:\Users\*****\Desktop\111.xps
2016-01-20 21:08 - 2016-01-20 21:08 - 00641158 _____ C:\Users\*****\Desktop\222.xps
2016-01-20 21:08 - 2016-01-20 21:08 - 00635883 _____ C:\Users\*****\Desktop\333.xps
2016-01-18 18:54 - 2016-01-18 18:55 - 00249726 _____ C:\Users\*****\Desktop\ebay.xps
2016-01-16 19:32 - 2016-01-16 19:32 - 00002216 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00002145 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00002145 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ___RD C:\Users\*****\OneDrive
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-01-16 19:17 - 2016-01-16 19:17 - 00000000 ____D C:\Users\*****\Documents\OneNote-Notizbücher
2016-01-16 19:10 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-16 19:03 - 2016-01-16 19:47 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002527 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-01-16 19:03 - 2016-01-16 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-01-16 19:01 - 2016-01-16 19:09 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-16 18:59 - 2016-01-16 18:59 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-01-16 18:58 - 2016-01-16 18:58 - 03205312 _____ (Microsoft Corporation) C:\Users\*****\Downloads\Setup.x86.de-DE_ProPlusRetail_FXM4G-BBNTY-JHGBG-KG7BK-7XMVH_act_1_.exe 2016-01-13 17:52 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-01-13 17:52 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-01-13 17:52 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-13 17:52 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-13 17:52 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-01-13 17:52 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-01-13 17:52 - 
2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-13 17:52 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-13 17:52 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-13 17:52 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-01-13 17:52 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-01-13 17:52 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-13 17:52 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-13 17:52 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-01-13 17:52 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-13 17:52 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-13 17:52 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-13 17:52 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-01-13 17:52 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-13 17:52 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-01-13 17:52 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-01-13 17:52 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-13 17:52 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-13 17:52 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 
2016-01-13 17:52 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-01-13 17:52 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-01-13 17:52 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-13 17:52 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-13 17:52 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-01-13 17:52 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-01-13 17:52 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-13 17:52 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-01-13 17:52 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-01-13 17:52 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-13 17:52 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-13 17:52 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-01-13 17:52 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 17:52 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-13 17:52 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-13 17:52 - 
2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-13 17:52 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-13 17:52 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-13 17:52 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 17:52 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-13 17:52 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 17:52 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-13 17:52 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-13 17:52 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 17:52 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-13 17:52 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-13 17:52 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-13 17:52 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 17:52 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 17:52 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-13 17:52 - 
2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-13 17:52 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-13 17:52 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-13 17:52 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00970240 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-13 17:52 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rrinstaller.exe 2016-01-13 17:52 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-13 17:52 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-13 17:52 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) 
C:\Windows\system32\MP4SDECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-13 
17:52 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-13 17:52 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-13 17:52 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-13 17:52 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-13 17:52 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-13 17:52 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-13 17:52 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-13 17:52 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-13 17:52 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-13 17:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-13 17:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-13 17:52 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-13 17:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-13 17:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-13 17:52 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 17:51 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-13 17:51 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-13 17:51 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-13 17:51 - 
2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-13 17:47 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-13 17:47 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-13 17:47 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-13 17:47 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-13 17:47 - 2015-12-30 20:00 - 00016384 
_____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-13 17:47 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-13 17:47 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-13 17:47 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 17:47 - 2015-12-30 19:47 - 03938240 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 17:47 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-13 17:47 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-13 17:47 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-13 17:47 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-13 17:47 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 17:47 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-13 17:47 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-13 17:47 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-13 17:47 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-13 17:47 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-13 17:47 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-13 17:47 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-13 17:47 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-13 17:47 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-13 17:47 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-13 17:47 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-13 17:47 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-01-13 17:47 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-01-13 17:47 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-13 17:46 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-13 17:46 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 
19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 17:46 - 
2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-13 17:46 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-13 17:46 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00625848 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00381128 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00323792 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00079544 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00430264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00257736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00234192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00075960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-01-21 18:22 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2016-01-21 18:20 - 2011-06-19 14:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-21 18:15 - 2012-03-08 19:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini 2016-01-21 17:17 - 2011-06-19 14:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-20 19:25 - 2011-05-20 19:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-01-20 19:19 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-20 19:19 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-18 18:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-01-17 11:26 - 2011-03-16 19:19 - 01111902 _____ C:\Windows\system32\perfh007.dat 2016-01-17 11:26 - 2011-03-16 19:19 - 00275748 _____ C:\Windows\system32\perfc007.dat 2016-01-17 11:26 - 2009-07-14 06:13 - 00005478 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-17 11:25 - 2012-11-05 13:02 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-17 11:25 - 2011-05-20 20:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-17 11:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-17 11:20 - 2009-07-14 05:45 - 00433592 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-17 11:11 - 2011-03-16 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-01-16 19:32 - 2011-05-20 19:21 - 00000000 ____D C:\Users\***** 2016-01-16 19:29 - 2011-05-20 19:22 - 00114184 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-16 19:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-16 19:01 - 2011-07-18 19:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client 2016-01-16 18:59 - 2014-04-02 18:37 - 00017856 _____ 
C:\Users\*****\Desktop\Erwerbsminderung.xlsx 2016-01-16 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-01-14 18:32 - 2013-08-14 21:00 - 00000000 ____D C:\Windows\system32\MRT 2016-01-14 18:20 - 2011-05-29 11:20 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-07-05 22:11 - 2011-07-05 22:11 - 0000000 _____ () C:\Users\*****\AppData\Local\{9222BA30-9142-431B-9F67-297488ED8E4B} 2010-11-17 14:30 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: ==================== C:\Users\*****\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\NOSEventMessages.dll C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-01-18 17:55

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016
durchgeführt von (2016-01-21 18:24:10)
Gestartet von C:\Users\\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-20 18:21:31)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-4096825229-3460207125-1897423740-500 - Administrator - Disabled)
(S-1-5-21-4096825229-3460207125-1897423740-1001 - Administrator - Enabled) => C:\Users\
Gast (S-1-5-21-4096825229-3460207125-1897423740-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4096825229-3460207125-1897423740-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4096825229-3460207125-1897423740-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.199.107 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.199.107 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) 
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version: - ) Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) comdirect BörsenTicker (HKLM-x32\...\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1) (Version: 1.0.2 - comdirect Bank AG) comdirect BörsenTicker (x32 Version: 1.0.2 - comdirect Bank AG) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) 
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.42 - ifos GmbH) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GOTO PPL (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) 
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.6366.2056 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 39.0.3 (x86 de) 
(HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla) Mozilla Thunderbird (3.1.16) (HKLM-x32\...\Mozilla Thunderbird (3.1.16)) (Version: 3.1.16 (de) - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia) Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA 3D Vision Controller Driver 270.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.47 - NVIDIA Corporation) NVIDIA Grafiktreiber 270.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.51 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component 
(Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden SopCast 3.4.7 (HKLM-x32\...\SopCast) (Version: 3.4.7 - www.sopcast.com) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Stellarium 0.13.1 (HKLM\...\Stellarium_is1) (Version: 0.13.1 - Stellarium team) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Unity Web Player (HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) webGAMET (HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\webGAMET) (Version: - Deutscher Wetterdienst) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3101 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) 
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4096825229-3460207125-1897423740-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1CF9BBAB-D682-476D-9B91-BCD85E91EE15} - System32\Tasks\{0533D42C-8ABE-46A6-AA03-728BCBDF624C} => pcalua.exe -a "C:\Users\\Downloads\powersetup.exe" -d "C:\Users\\Downloads"
Task: {39C5980B-1207-4251-BDAB-DEC319E2B348} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {486CF296-ED15-414D-A117-A23668C801C4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5B461691-1AFA-4CC3-8425-3BF92BEAED75} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {5CD3BDBE-5133-4969-B042-27B85E992419} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-16] (Microsoft Corporation)
Task: {8B6564E5-1A9D-4AF5-9895-6CC28EE3A2D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-16] (Microsoft Corporation)
Task: {B44E1771-CCB5-432D-9756-90CC57A4A065} - System32\Tasks\{DCB06C5D-90A8-4F30-A8F4-8CDF6249C24A} => pcalua.exe -a "C:\Users\\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {CDA904E5-D875-43FD-9A72-6D998499C9B2} - \SidebarExecute -> Keine Datei <==== ACHTUNG
Task: {D07195FF-EA61-4009-8055-99B4CB519803} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-01-16 18:59 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2011-06-08 20:35 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2011-03-16 10:47 - 2011-03-16 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 
00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2014-11-11 09:21 - 2014-11-11 09:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2014-11-11 09:21 - 2014-11-11 09:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2014-11-19 11:47 - 2014-11-19 11:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2014-11-19 11:46 - 2014-11-19 11:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2010-11-17 13:47 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-10-19 15:18 - 2014-10-19 15:18 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2010-11-17 14:18 - 2010-04-13 18:52 - 
00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00848536 _____ () C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00161944 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00021656 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2016-01-21 18:21 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{21287B91-C4A6-49EB-A1D9-ABDF30DA2211}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{1CC30A01-172A-4864-97E2-B6F61390A76F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{50A792E6-7C82-4859-8E34-89FB308C052B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{BA9A8FBB-9A4E-4F77-9D49-4D11A6F9AEB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DC92FC67-9BBB-4E23-B547-A7791BC72FDD}] => (Allow) LPort=2869 FirewallRules: [{EB9D1176-7058-4411-9369-F07BAE4FBF34}] => (Allow) LPort=1900 FirewallRules: [{A5E29AB8-AC8F-41A0-B225-7C2BAB3FC895}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{86D65BE1-26B9-434B-808F-C3205FA5C054}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{8BA3D7CD-5A18-4087-8A9F-32F0825473D2}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{D7F35CC7-8869-47B8-8036-12B4C8F92798}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [{5879C5D2-27FC-4ED4-8C58-39E3A40056D0}] => (Allow) C:\Program 
Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{EE37404B-3018-4CA4-A76D-6E710590D730}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{01FD0687-C125-441D-9C7A-C161F41B5EB5}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{5CCE5E9C-F179-443B-BF4A-E6C4E3E460BC}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{B30FFEB5-8E2B-4C8B-BE4E-0C49EEAB7E68}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{7DFD1E81-4947-4959-A9FE-59762BFD055C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{D1192789-5502-49B3-8A91-123256683D84}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{45300B6D-885E-4F2F-ACD3-F3AE64559087}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{71344E20-B3F8-4A64-9CF5-4E90003B2924}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{C6CCCB20-A48A-4CE3-9B7D-C77373DC3E0C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{3B19E3AA-FA98-4ACA-B8A2-E85DB31C7DBE}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6E426B5B-6F8F-4A88-920A-20F02F97E571}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{464CFB5A-4FBD-4BF4-A2EB-BBB72466E6AA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{E9D9A7ED-15BF-42A2-A642-F935CE8C51EF}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{DB9C9685-1A36-477F-91B1-5AD653B0CDDE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{5A0D79C7-6EE3-4828-A217-5579F7CD9944}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{52439C7E-C392-4C29-9695-56572610CE93}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{2E079CF7-E7BD-43FF-96FA-D36989DC142B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{9A297087-368B-4D87-9EFA-4D9853F5C37C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{35781120-05C9-4458-8627-7B7DB874CCFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FA599545-B53B-4514-817A-1E5F9D2E6CFB}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{F1317FB7-42C9-453E-A01D-65C7461E4EAD}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [{DC264DB0-649D-494C-96CA-E4B7CBD01765}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{B7A788AB-F62E-4702-A2A8-8D7AA9C800AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{74984EFF-5E4C-46E5-91AC-FFA18E1002E2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{F1977ED9-8742-4118-ACDD-7477813E31A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{3BDD5CB6-E49C-4CBC-92DA-DD92EE5A6BB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{F2F9B5AA-A61B-47F0-B4E2-CC004A14EFAC}] => (Allow) C:\Users\\AppData\Local\Microsoft\OneDrive\OneDrive.exe ==================== Wiederherstellungspunkte ========================= 19-12-2015 17:45:38 Windows Update 27-12-2015 11:07:45 Windows Update 01-01-2016 14:52:40 Windows Update 05-01-2016 15:47:00 Windows Update 12-01-2016 11:35:52 Windows Update 14-01-2016 18:15:07 Windows Update 15-01-2016 18:51:22 Windows Update 16-01-2016 19:10:19 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/18/2016 05:56:49 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". 
Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/17/2016 11:26:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (01/17/2016 11:26:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/17/2016 11:26:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (01/17/2016 11:11:08 AM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. (HRESULT : 0x8007007f). Error: (01/17/2016 11:01:44 AM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers OneIndex16. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. (HRESULT : 0x8007007f). Error: (01/17/2016 11:01:42 AM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. (HRESULT : 0x8007007f). Error: (01/16/2016 07:48:46 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. (HRESULT : 0x8007007f). Error: (01/16/2016 07:47:23 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/16/2016 07:47:23 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". 
Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Systemfehler: ============= Error: (01/17/2016 11:24:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070 Error: (01/17/2016 11:24:05 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet. Error: (01/16/2016 07:24:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/16/2016 07:24:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/16/2016 07:24:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/16/2016 07:24:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/16/2016 07:24:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error: (01/16/2016 07:24:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/16/2016 07:24:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (01/14/2016 06:39:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3108664) CodeIntegrity: =================================== Date: 2015-03-21 11:57:50.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.122 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.119 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.099 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-03-21 11:57:50.096 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.093 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.563 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.560 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.538 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 7862.71 MB Verfügbarer physikalischer RAM: 5556.17 MB Summe virtueller Speicher: 15723.62 MB Verfügbarer virtueller Speicher: 12488.27 MB ==================== Laufwerke ================================ Drive c: (Windows und Programme) (Fixed) (Total:256.35 GB) (Free:148.09 GB) NTFS Drive d: (Musik und Bilder) (Fixed) (Total:195.31 GB) (Free:56.18 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F3C06F04) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=256.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
21.01.2016, 22:10 | #2 |
/// TB Trainer /// Tutorial Guru | Fraud through internet purchases: malware present despite Kaspersky?
My name is Jürgen and I will be helping you with your problem. Together we'll manage it...
Note: I can never guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable for real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: I hope you have already changed the login credentials for your accounts from another PC/phone? Step 1 Scan with Combofix
__________________ |
22.01.2016, 18:28 | #3 |
| Fraud through internet purchases: malware present despite Kaspersky? Hello Jürgen,
first of all, thank you for your efforts. Of course I have reset the login credentials and assigned new passwords. But I did this from my own computer. - Was that a mistake? - Do you already have any indication of something suspicious? The code is attached: Code:
ATTFilter ComboFix 16-01-22.01 - ***** 22.01.2016 17:56:54.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7863.5723 [GMT 1:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B} FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300} SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2015-12-22 bis 2016-01-22 )))))))))))))))))))))))))))))) . . 2016-01-22 17:07 . 2016-01-22 17:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2016-01-22 17:07 . 2016-01-22 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-01-21 17:22 . 2016-01-21 17:24 -------- d-----w- C:\FRST 2016-01-19 16:19 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29F08137-E46F-4062-A26D-7412619A79F1}\mpengine.dll 2016-01-16 18:32 . 2016-01-16 18:32 -------- d-----w- c:\program files (x86)\Microsoft OneDrive 2016-01-16 18:32 . 2016-01-16 18:32 -------- d-----r- c:\users\*****\OneDrive 2016-01-16 18:32 . 2016-01-16 18:32 -------- d-----w- c:\programdata\Microsoft OneDrive 2016-01-16 18:03 . 2016-01-16 18:01 2435280 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2016-01-16 18:01 . 2016-01-16 18:09 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2016-01-13 16:52 . 2015-12-08 21:53 509952 ----a-w- c:\windows\SysWow64\qedit.dll 2016-01-13 16:51 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2016-01-13 16:51 . 
2015-12-08 19:07 879104 ----a-w- c:\windows\system32\advapi32.dll 2016-01-13 16:51 . 2015-12-08 19:07 405504 ----a-w- c:\windows\system32\gdi32.dll 2016-01-13 16:51 . 2015-12-08 21:52 312320 ----a-w- c:\windows\SysWow64\gdi32.dll 2016-01-13 16:46 . 2015-12-30 18:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-07 08:26 . 2016-01-07 08:26 79544 ----a-w- c:\windows\system32\vcruntime140.dll 2016-01-07 08:26 . 2016-01-07 08:26 625848 ----a-w- c:\windows\system32\msvcp140.dll 2016-01-07 08:26 . 2016-01-07 08:26 381128 ----a-w- c:\windows\system32\vccorlib140.dll 2016-01-07 08:26 . 2016-01-07 08:26 323792 ----a-w- c:\windows\system32\concrt140.dll 2016-01-07 08:26 . 2016-01-07 08:26 20704 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOLoaderUI.dll 2016-01-07 08:26 . 2016-01-07 08:26 11560 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOInstallerUI.dll 2016-01-07 07:59 . 2016-01-07 07:59 28912 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll 2016-01-07 06:34 . 2016-01-07 06:34 75960 ----a-w- c:\windows\SysWow64\vcruntime140.dll 2016-01-07 06:34 . 2016-01-07 06:34 430264 ----a-w- c:\windows\SysWow64\msvcp140.dll 2016-01-07 06:34 . 2016-01-07 06:34 257736 ----a-w- c:\windows\SysWow64\vccorlib140.dll 2016-01-07 06:34 . 2016-01-07 06:34 234192 ----a-w- c:\windows\SysWow64\concrt140.dll 2016-01-07 01:51 . 2016-01-07 01:51 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll 2016-01-06 02:35 . 2016-01-06 02:35 5132888 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 2016-01-06 02:35 . 2016-01-06 02:35 2230360 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL 2016-01-06 02:35 . 
2016-01-06 02:35 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL 2016-01-06 02:35 . 2016-01-06 02:35 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL 2016-01-06 02:35 . 2016-01-06 02:35 179800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL 2016-01-06 02:35 . 2016-01-06 02:35 1653336 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL 2016-01-06 02:35 . 2016-01-06 02:35 147032 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-01-17 10:25 . 2012-11-05 12:02 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-01-17 10:25 . 2011-05-20 19:50 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-01-14 17:20 . 2011-05-29 10:20 143671360 ----a-w- c:\windows\system32\MRT.exe 2015-12-30 18:37 . 2016-01-13 16:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll 2015-12-02 12:18 . 2011-05-20 18:53 301728 ------w- c:\windows\system32\MpSigStub.exe 2015-11-20 18:54 . 2015-12-10 11:52 98816 ----a-w- c:\windows\system32\wudriver.dll 2015-11-20 18:54 . 2015-12-10 11:52 37888 ----a-w- c:\windows\system32\wups2.dll 2015-11-20 18:54 . 2015-12-10 11:52 36864 ----a-w- c:\windows\system32\wups.dll 2015-11-20 18:54 . 2015-12-10 11:52 3170304 ----a-w- c:\windows\system32\wucltux.dll 2015-11-20 18:54 . 2015-12-10 11:52 2609152 ----a-w- c:\windows\system32\wuaueng.dll 2015-11-20 18:54 . 2015-12-10 11:52 192512 ----a-w- c:\windows\system32\wuwebv.dll 2015-11-20 18:54 . 2015-12-10 11:52 709632 ----a-w- c:\windows\system32\wuapi.dll 2015-11-20 18:54 . 
2015-12-10 11:52 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-11-20 18:54 . 2015-12-10 11:52 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-11-20 18:54 . 2015-12-10 11:52 37888 ----a-w- c:\windows\system32\wuapp.exe 2015-11-20 18:54 . 2015-12-10 11:52 140288 ----a-w- c:\windows\system32\wuauclt.exe 2015-11-20 18:34 . 2015-12-10 11:52 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-11-20 18:34 . 2015-12-10 11:52 30208 ----a-w- c:\windows\SysWow64\wups.dll 2015-11-20 18:34 . 2015-12-10 11:52 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-11-20 18:34 . 2015-12-10 11:52 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-11-20 18:33 . 2015-12-10 11:52 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-11-11 18:53 . 2015-12-10 11:52 1735680 ----a-w- c:\windows\system32\comsvcs.dll 2015-11-11 18:53 . 2015-12-10 11:52 525312 ----a-w- c:\windows\system32\catsrvut.dll 2015-11-11 18:39 . 2015-12-10 11:52 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll 2015-11-11 18:39 . 2015-12-10 11:52 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll 2015-11-10 18:55 . 2015-12-10 11:52 1648128 ----a-w- c:\windows\system32\DWrite.dll 2015-11-10 18:55 . 2015-12-10 11:52 1180160 ----a-w- c:\windows\system32\FntCache.dll 2015-11-10 18:55 . 2015-12-10 11:52 1008640 ----a-w- c:\windows\system32\user32.dll 2015-11-10 18:39 . 2015-12-10 11:52 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-11-10 18:37 . 2015-12-10 11:52 833024 ----a-w- c:\windows\SysWow64\user32.dll 2015-11-05 19:05 . 2015-12-10 11:52 17408 ----a-w- c:\windows\system32\wshrm.dll 2015-11-05 19:02 . 2015-12-10 11:52 14848 ----a-w- c:\windows\SysWow64\wshrm.dll 2015-11-05 09:53 . 2015-12-10 11:52 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys 2015-11-03 19:04 . 2015-12-10 11:52 802304 ----a-w- c:\windows\system32\usp10.dll 2015-11-03 19:04 . 2015-12-10 11:51 241664 ----a-w- c:\windows\system32\els.dll 2015-11-03 18:56 . 
2015-12-10 11:52 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2015-11-03 18:55 . 2015-12-10 11:51 179712 ----a-w- c:\windows\SysWow64\els.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2016-01-16 18:32 329376 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2016-01-16 18:32 329376 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2016-01-16 18:32 329376 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2016-01-16 18:32 329376 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2016-01-16 18:32 329376 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2016-01-16 18:05 1527000 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2016-01-16 18:05 1527000 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2016-01-16 18:05 1527000 ----a-w- c:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448] "Lync"="c:\program files (x86)\Microsoft Office\root\office16\lync.exe" [2016-01-16 22496448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] . c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ An OneNote senden.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2016-1-16 168640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys;c:\windows\SYSNATIVE\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x] R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys;c:\windows\SYSNATIVE\drivers\EvoMouseDriverMini.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DsiWMIService;Dritek WMI 
Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 
Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SjtWinIo;SJT I/O Driver;c:\windows\system32\DRIVERS\SjtWinIo.sys;c:\windows\SYSNATIVE\DRIVERS\SjtWinIo.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2016-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 14:50] . 2016-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 14:50] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2016-01-16 18:32 358064 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2016-01-16 18:32 358064 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2016-01-16 18:32 358064 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2016-01-16 18:32 358064 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2016-01-16 18:32 358064 ----a-w- c:\users\*****\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2016-01-16 18:05 2084056 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2016-01-16 18:05 2084056 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2016-01-16 18:05 2084056 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "PLFSetI"="c:\windows\PLFSetI.exe" [2011-03-16 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 2114376] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.178.1 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\ FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKCU-Run-TVgenial - c:\program files (x86)\TVgenial5\TVgenial.exe Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-webGAMET - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2016-01-22 18:23:45 ComboFix-quarantined-files.txt 2016-01-22 17:23 . Vor Suchlauf: 19 Verzeichnis(se), 163.086.917.632 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 164.979.400.704 Bytes frei . - - End Of File - - A1AE4C7BD508A9154B4C440FF4E66673 |
22.01.2016, 22:05 | #4 |
/// TB Trainer /// Guide Guru | Fraud through online purchases: malware present despite Kaspersky? If the computer is infected, changing passwords will not help. Step 1 Please download TDSSKiller.exe and save this file to the desktop
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
23.01.2016, 11:24 | #5 |
| Fraud through online purchases: malware present despite Kaspersky? Hello Jürgen, do you already have an indication of malware? Or is this procedure standard? Attached is the code: A rootkit was found. I pressed "Skip". Code:
11:17:35.0731 0x1c08 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
11:17:39.0321 0x1c08 ============================================================
11:17:39.0321 0x1c08 Current date / time: 2016/01/23 11:17:39.0321
11:17:39.0321 0x1c08 SystemInfo:
11:17:39.0321 0x1c08
11:17:39.0321 0x1c08 OS Version: 6.1.7601 ServicePack: 1.0
11:17:39.0321 0x1c08 Product type: Workstation
11:17:39.0321 0x1c08 ComputerName: AIRCAN
11:17:39.0321 0x1c08 UserName: Deniz Ercan
11:17:39.0321 0x1c08 Windows directory: C:\Windows
11:17:39.0321 0x1c08 System windows directory: C:\Windows
11:17:39.0321 0x1c08 Running under WOW64
11:17:39.0321 0x1c08 Processor architecture: Intel x64
11:17:39.0321 0x1c08 Number of processors: 4
11:17:39.0322 0x1c08 Page size: 0x1000
11:17:39.0322 0x1c08 Boot type: Normal boot
11:17:39.0322 0x1c08 ============================================================
11:17:49.0528 0x1c08 KLMD registered as C:\Windows\system32\drivers\24199466.sys
11:17:51.0520 0x1c08 System UUID: {29DE6AAE-73F8-DE60-DD58-0EB0DE7091E0}
11:17:52.0893 0x1c08 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:17:52.0930 0x1c08 ============================================================
11:17:52.0930 0x1c08 \Device\Harddisk0\DR0:
11:17:52.0931 0x1c08 MBR partitions:
11:17:52.0931 0x1c08 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
11:17:52.0931 0x1c08 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x200B2800
11:17:52.0955 0x1c08 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21CE6000, BlocksNum 0x1869F800
11:17:52.0955 0x1c08 ============================================================
11:17:52.0995 0x1c08 C: <-> \Device\Harddisk0\DR0\Partition2
11:17:53.0042 0x1c08 D: <-> \Device\Harddisk0\DR0\Partition3
11:17:53.0042 0x1c08
============================================================ 11:17:53.0042 0x1c08 Initialize success 11:17:53.0042 0x1c08 ============================================================ 11:18:21.0827 0x1b6c ============================================================ 11:18:21.0827 0x1b6c Scan started 11:18:21.0827 0x1b6c Mode: Manual; SigCheck; TDLFS; 11:18:21.0827 0x1b6c ============================================================ 11:18:21.0827 0x1b6c KSN ping started 11:18:35.0207 0x1b6c KSN ping finished: true 11:18:37.0397 0x1b6c ================ Scan system memory ======================== 11:18:37.0397 0x1b6c System memory - ok 11:18:37.0398 0x1b6c ================ Scan services ============================= 11:18:37.0606 0x1b6c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:18:37.0745 0x1b6c 1394ohci - ok 11:18:37.0791 0x1b6c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:18:37.0818 0x1b6c ACPI - ok 11:18:37.0886 0x1b6c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:18:37.0992 0x1b6c AcpiPmi - ok 11:18:38.0065 0x1b6c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 11:18:38.0105 0x1b6c adp94xx - ok 11:18:38.0153 0x1b6c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 11:18:38.0172 0x1b6c adpahci - ok 11:18:38.0209 0x1b6c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 11:18:38.0224 0x1b6c adpu320 - ok 11:18:38.0253 0x1b6c [ 
4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:18:38.0367 0x1b6c AeLookupSvc - ok 11:18:38.0431 0x1b6c [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 11:18:38.0514 0x1b6c AFD - ok 11:18:38.0574 0x1b6c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 11:18:38.0598 0x1b6c agp440 - ok 11:18:38.0629 0x1b6c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 11:18:38.0703 0x1b6c ALG - ok 11:18:38.0757 0x1b6c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 11:18:38.0773 0x1b6c aliide - ok 11:18:38.0779 0x1b6c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 11:18:38.0795 0x1b6c amdide - ok 11:18:38.0817 0x1b6c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 11:18:38.0873 0x1b6c AmdK8 - ok 11:18:38.0898 0x1b6c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:18:38.0920 0x1b6c AmdPPM - ok 11:18:38.0965 0x1b6c [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:18:38.0978 0x1b6c amdsata - ok 11:18:39.0040 0x1b6c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 11:18:39.0068 0x1b6c amdsbs - ok 11:18:39.0080 
0x1b6c [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:18:39.0092 0x1b6c amdxata - ok 11:18:39.0158 0x1b6c [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 11:18:39.0198 0x1b6c AppID - ok 11:18:39.0209 0x1b6c [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:18:39.0250 0x1b6c AppIDSvc - ok 11:18:39.0313 0x1b6c [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll 11:18:39.0389 0x1b6c Appinfo - ok 11:18:39.0450 0x1b6c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 11:18:39.0472 0x1b6c arc - ok 11:18:39.0483 0x1b6c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 11:18:39.0496 0x1b6c arcsas - ok 11:18:39.0516 0x1b6c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:18:39.0563 0x1b6c AsyncMac - ok 11:18:39.0621 0x1b6c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 11:18:39.0642 0x1b6c atapi - ok 11:18:39.0698 0x1b6c [ CBE61B4494165F458BD87E37181EE934, E95654DCC0F977A3604B6BE435BEE109AC8F9F7494FD3A132F5FB477BBF7B105 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 11:18:39.0804 0x1b6c AthBTPort - ok 11:18:40.0054 0x1b6c [ FBBE79D7445AA4494E069A0B91F9417B, 5C5EB5C27324129702D040FE9C63D2D67853E12A6E19164A805A9EE0DC4C5463 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 
11:18:40.0068 0x1b6c AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 ) 11:18:42.0473 0x1b6c Detect skipped due to KSN trusted 11:18:42.0473 0x1b6c AtherosSvc - ok 11:18:42.0586 0x1b6c [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr C:\Windows\system32\DRIVERS\athrx.sys 11:18:42.0685 0x1b6c athr - ok 11:18:42.0764 0x1b6c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:18:42.0839 0x1b6c AudioEndpointBuilder - ok 11:18:42.0857 0x1b6c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:18:42.0882 0x1b6c AudioSrv - ok 11:18:42.0990 0x1b6c [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe 11:18:43.0024 0x1b6c AVP - ok 11:18:43.0100 0x1b6c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:18:43.0218 0x1b6c AxInstSV - ok 11:18:43.0276 0x1b6c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 11:18:43.0357 0x1b6c b06bdrv - ok 11:18:43.0420 0x1b6c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 11:18:43.0463 0x1b6c b57nd60a - ok 11:18:43.0496 0x1b6c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 11:18:43.0561 0x1b6c BDESVC - ok 11:18:43.0577 0x1b6c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep 
C:\Windows\system32\drivers\Beep.sys 11:18:43.0660 0x1b6c Beep - ok 11:18:43.0755 0x1b6c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 11:18:43.0860 0x1b6c BFE - ok 11:18:43.0951 0x1b6c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 11:18:44.0082 0x1b6c BITS - ok 11:18:44.0132 0x1b6c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:18:44.0194 0x1b6c blbdrive - ok 11:18:44.0227 0x1b6c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:18:44.0266 0x1b6c bowser - ok 11:18:44.0285 0x1b6c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:18:44.0370 0x1b6c BrFiltLo - ok 11:18:44.0412 0x1b6c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:18:44.0447 0x1b6c BrFiltUp - ok 11:18:44.0487 0x1b6c [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 11:18:44.0553 0x1b6c BridgeMP - ok 11:18:44.0604 0x1b6c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 11:18:44.0693 0x1b6c Browser - ok 11:18:44.0733 0x1b6c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:18:44.0782 0x1b6c Brserid - ok 11:18:44.0799 0x1b6c [ A6ECA2151B08A09CACECA35C07F05B42, 
E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:18:44.0831 0x1b6c BrSerWdm - ok 11:18:44.0850 0x1b6c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:18:44.0889 0x1b6c BrUsbMdm - ok 11:18:44.0909 0x1b6c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:18:44.0943 0x1b6c BrUsbSer - ok 11:18:45.0000 0x1b6c [ 227C8F308DE4AF4808E587465CEAB838, 7CF9FB82C979551E82F06F9D4003704E786CF2EAB4BE0836CB0BE9E735C48942 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 11:18:45.0034 0x1b6c BTATH_A2DP - ok 11:18:45.0099 0x1b6c [ A83A91D07D1FE6BBE7A9DB46CA00434B, 9EF851047189E13954C0F6A325E4843914C423C0D1EDAE21A34AB3A962BBD5AC ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 11:18:45.0140 0x1b6c BTATH_BUS - ok 11:18:45.0182 0x1b6c [ C864FF85EE16D61C2BDD5EF76824625F, 6D2FE57688D9E8B4277BF6DA9C219DEB367274364FBE17EFC353CEDB2D7EA35D ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 11:18:45.0220 0x1b6c BTATH_HCRP - ok 11:18:45.0279 0x1b6c [ 0DEA505EFB5D771826D177EF8B8A208F, FD8027DA791F04077490749AC5A08F73CCBA1731462579AA9008CD8DD82FBBBC ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 11:18:45.0344 0x1b6c BTATH_LWFLT - ok 11:18:45.0406 0x1b6c [ 724C8088C96EFE7A3E63FEC21D4681C0, 4F9B258BE0FEA634A0D93B3892F2F039A7CAD184C9A81DFC2B67B0D4B39C5035 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 11:18:45.0470 0x1b6c BTATH_RCP - ok 11:18:45.0535 0x1b6c [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 11:18:45.0587 0x1b6c BthEnum - ok 11:18:45.0626 0x1b6c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM 
C:\Windows\system32\DRIVERS\bthmodem.sys 11:18:45.0659 0x1b6c BTHMODEM - ok 11:18:45.0707 0x1b6c [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:18:45.0756 0x1b6c BthPan - ok 11:18:45.0845 0x1b6c [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 11:18:45.0903 0x1b6c BTHPORT - ok 11:18:45.0944 0x1b6c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 11:18:45.0994 0x1b6c bthserv - ok 11:18:46.0027 0x1b6c [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 11:18:46.0069 0x1b6c BTHUSB - ok 11:18:46.0101 0x1b6c catchme - ok 11:18:46.0147 0x1b6c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:18:46.0216 0x1b6c cdfs - ok 11:18:46.0285 0x1b6c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:18:46.0323 0x1b6c cdrom - ok 11:18:46.0368 0x1b6c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 11:18:46.0444 0x1b6c CertPropSvc - ok 11:18:46.0480 0x1b6c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:18:46.0504 0x1b6c circlass - ok 11:18:46.0568 0x1b6c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 11:18:46.0589 0x1b6c CLFS - ok 11:18:46.0804 0x1b6c [ 80E9ED159D9CFC9EA59A6FA0DE7843AE, 
3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:19:04.0801 0x1b6c ohci1394 - ok 11:19:04.0867 0x1b6c [ 55E925E51FAE416DED7EDBF531E63132, C6B507310109550694982497992C138D9C895778FFA2C37E843B10D3AD096945 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:19:04.0896 0x1b6c ose - ok 11:19:05.0158 0x1b6c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:19:05.0275 0x1b6c osppsvc - ok 11:19:05.0331 0x1b6c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:19:05.0419 0x1b6c p2pimsvc - ok 11:19:05.0449 0x1b6c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 11:19:05.0494 0x1b6c p2psvc - ok 11:19:05.0524 0x1b6c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 11:19:05.0556 0x1b6c Parport - ok 11:19:05.0597 0x1b6c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:19:05.0608 0x1b6c partmgr - ok 11:19:05.0651 0x1b6c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:19:05.0694 0x1b6c PcaSvc - ok 11:19:05.0775 0x1b6c [ 3FDE033DFB0D07F8B7D5C9A3044AA121, 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 11:19:05.0808 0x1b6c pccsmcfd - ok 11:19:05.0843 0x1b6c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 
7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 11:19:05.0857 0x1b6c pci - ok 11:19:05.0881 0x1b6c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 11:19:05.0891 0x1b6c pciide - ok 11:19:05.0920 0x1b6c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 11:19:05.0939 0x1b6c pcmcia - ok 11:19:05.0954 0x1b6c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 11:19:05.0966 0x1b6c pcw - ok 11:19:06.0014 0x1b6c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:19:06.0069 0x1b6c PEAUTH - ok 11:19:06.0168 0x1b6c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:19:06.0193 0x1b6c PerfHost - ok 11:19:06.0305 0x1b6c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 11:19:06.0458 0x1b6c pla - ok 11:19:06.0501 0x1b6c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:19:06.0561 0x1b6c PlugPlay - ok 11:19:06.0595 0x1b6c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:19:06.0624 0x1b6c PNRPAutoReg - ok 11:19:06.0662 0x1b6c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:19:06.0696 0x1b6c PNRPsvc - ok 11:19:06.0752 0x1b6c [ 4F15D75ADF6156BF56ECED6D4A55C389, 
2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:19:06.0826 0x1b6c PolicyAgent - ok 11:19:06.0878 0x1b6c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 11:19:06.0952 0x1b6c Power - ok 11:19:07.0009 0x1b6c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:19:07.0051 0x1b6c PptpMiniport - ok 11:19:07.0082 0x1b6c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 11:19:07.0105 0x1b6c Processor - ok 11:19:07.0163 0x1b6c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 11:19:07.0228 0x1b6c ProfSvc - ok 11:19:07.0255 0x1b6c [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] ProtectedStorage C:\Windows\system32\lsass.exe 11:19:07.0275 0x1b6c ProtectedStorage - ok 11:19:07.0318 0x1b6c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:19:07.0371 0x1b6c Psched - ok 11:19:07.0426 0x1b6c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 11:19:07.0474 0x1b6c ql2300 - ok 11:19:07.0507 0x1b6c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 11:19:07.0520 0x1b6c ql40xx - ok 11:19:07.0554 0x1b6c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 11:19:07.0605 0x1b6c QWAVE - ok 11:19:07.0621 
0x1b6c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:19:07.0686 0x1b6c QWAVEdrv - ok 11:19:07.0725 0x1b6c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:19:07.0779 0x1b6c RasAcd - ok 11:19:07.0807 0x1b6c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:19:07.0856 0x1b6c RasAgileVpn - ok 11:19:07.0892 0x1b6c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 11:19:07.0946 0x1b6c RasAuto - ok 11:19:08.0011 0x1b6c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:19:08.0089 0x1b6c Rasl2tp - ok 11:19:08.0143 0x1b6c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 11:19:08.0216 0x1b6c RasMan - ok 11:19:08.0246 0x1b6c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:19:08.0287 0x1b6c RasPppoe - ok 11:19:08.0297 0x1b6c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:19:08.0342 0x1b6c RasSstp - ok 11:19:08.0391 0x1b6c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:19:08.0445 0x1b6c rdbss - ok 11:19:08.0461 0x1b6c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 
11:19:08.0484 0x1b6c rdpbus - ok 11:19:08.0496 0x1b6c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:19:08.0541 0x1b6c RDPCDD - ok 11:19:08.0580 0x1b6c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:19:08.0625 0x1b6c RDPENCDD - ok 11:19:08.0644 0x1b6c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:19:08.0679 0x1b6c RDPREFMP - ok 11:19:08.0717 0x1b6c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:19:08.0745 0x1b6c RDPWD - ok 11:19:08.0804 0x1b6c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:19:08.0831 0x1b6c rdyboost - ok 11:19:08.0861 0x1b6c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:19:08.0907 0x1b6c RemoteAccess - ok 11:19:08.0936 0x1b6c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:19:08.0993 0x1b6c RemoteRegistry - ok 11:19:09.0039 0x1b6c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 11:19:09.0056 0x1b6c RFCOMM - ok 11:19:09.0091 0x1b6c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:19:09.0164 0x1b6c RpcEptMapper - ok 11:19:09.0191 0x1b6c [ D5BA242D4CF8E384DB90E6A8ED850B8C, 
CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 11:19:09.0214 0x1b6c RpcLocator - ok 11:19:09.0303 0x1b6c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 11:19:09.0365 0x1b6c RpcSs - ok 11:19:09.0400 0x1b6c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:19:09.0448 0x1b6c rspndr - ok 11:19:09.0544 0x1b6c [ 0E3DCF76F11DC431B088A2DFD7265CDA, 7FCC8A9C28B8B2E9EC6AB9FFF7354929838134F61DB9D5BB96C5F6A7ABDC6B6A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 11:19:09.0578 0x1b6c RSUSBSTOR - ok 11:19:09.0587 0x1b6c [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] SamSs C:\Windows\system32\lsass.exe 11:19:09.0601 0x1b6c SamSs - ok 11:19:09.0637 0x1b6c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:19:09.0653 0x1b6c sbp2port - ok 11:19:09.0691 0x1b6c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:19:09.0762 0x1b6c SCardSvr - ok 11:19:09.0792 0x1b6c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:19:09.0850 0x1b6c scfilter - ok 11:19:09.0924 0x1b6c [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 11:19:10.0037 0x1b6c Schedule - ok 11:19:10.0071 0x1b6c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 11:19:10.0111 0x1b6c SCPolicySvc - ok 11:19:10.0149 0x1b6c [ 
6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:19:10.0240 0x1b6c SDRSVC - ok 11:19:10.0270 0x1b6c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:19:10.0309 0x1b6c secdrv - ok 11:19:10.0347 0x1b6c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 11:19:10.0405 0x1b6c seclogon - ok 11:19:10.0432 0x1b6c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 11:19:10.0484 0x1b6c SENS - ok 11:19:10.0509 0x1b6c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:19:10.0562 0x1b6c SensrSvc - ok 11:19:10.0597 0x1b6c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:19:10.0621 0x1b6c Serenum - ok 11:19:10.0648 0x1b6c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:19:10.0691 0x1b6c Serial - ok 11:19:10.0711 0x1b6c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 11:19:10.0742 0x1b6c sermouse - ok 11:19:10.0805 0x1b6c [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 11:19:10.0844 0x1b6c ServiceLayer - ok 11:19:10.0914 0x1b6c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 
11:19:10.0966 0x1b6c SessionEnv - ok 11:19:10.0999 0x1b6c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:19:11.0054 0x1b6c sffdisk - ok 11:19:11.0071 0x1b6c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:19:11.0099 0x1b6c sffp_mmc - ok 11:19:11.0103 0x1b6c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:19:11.0122 0x1b6c sffp_sd - ok 11:19:11.0157 0x1b6c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 11:19:11.0211 0x1b6c sfloppy - ok 11:19:11.0307 0x1b6c [ D5183ED285D2795491DC15BDDCBEE5AD, 607D208C730485B445EC80EEE5529A8E2BEF44FE2C8558E71A7FB47B0C8C7B56 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 11:19:11.0345 0x1b6c Sftfs - ok 11:19:11.0421 0x1b6c [ BFDB58616FF5EA540A5F58301D50641E, AFBF163938237C7E2578690BE71001016AF7FF61CD84594E7D76CDCBBD1FF4BD ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 11:19:11.0456 0x1b6c sftlist - ok 11:19:11.0500 0x1b6c [ 00F118B68C50D2206DD51634F9142B83, 5C5913ED0E3551DD5FD881830A6F7DBAEB0E9FA3904EE3BB13D8F1DA346EBCE7 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 11:19:11.0518 0x1b6c Sftplay - ok 11:19:11.0527 0x1b6c [ 76A827DF5640BFE16A0CDBB4108ADECA, E7D333A251E0F0DA729DA3CBE6B0F1E5DE2EE585E8B87B5EC78E78E129CA1112 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 11:19:11.0540 0x1b6c Sftredir - ok 11:19:11.0558 0x1b6c [ 1B4C9701645086BAB8CAFFFCE30ED284, B95C995EEB573B5C3D00DBA9D439CACCF3D3C9593E568D2D0F44245E7B09E3F5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 11:19:11.0570 0x1b6c Sftvol - ok 11:19:11.0624 0x1b6c [ B94C3C4DCA2093243C76CA218EDE2A97, 
4D376F825AEEFD8F1BCE48180471C75BDA655B2D8BE6E4205E327D14D797DBF2 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 11:19:11.0639 0x1b6c sftvsa - ok 11:19:11.0683 0x1b6c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:19:11.0757 0x1b6c SharedAccess - ok 11:19:11.0798 0x1b6c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:19:11.0859 0x1b6c ShellHWDetection - ok 11:19:11.0881 0x1b6c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:19:11.0896 0x1b6c SiSRaid2 - ok 11:19:11.0919 0x1b6c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 11:19:11.0937 0x1b6c SiSRaid4 - ok 11:19:11.0995 0x1b6c [ C44D3179D9EFEBD26572A9DC6DD759DE, B55AC98A86A07937B8517EF8B6278328CE4039AD2CA98E6BD7FB05252B893E9D ] SjtWinIo C:\Windows\system32\DRIVERS\SjtWinIo.sys 11:19:12.0018 0x1b6c SjtWinIo - ok 11:19:12.0038 0x1b6c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:19:12.0099 0x1b6c Smb - ok 11:19:12.0136 0x1b6c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:19:12.0167 0x1b6c SNMPTRAP - ok 11:19:12.0208 0x1b6c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 11:19:12.0221 0x1b6c spldr - ok 11:19:12.0275 0x1b6c [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe 
11:19:12.0323 0x1b6c Spooler - ok 11:19:12.0461 0x1b6c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 11:19:12.0750 0x1b6c sppsvc - ok 11:19:12.0788 0x1b6c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:19:12.0862 0x1b6c sppuinotify - ok 11:19:12.0920 0x1b6c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 11:19:12.0965 0x1b6c srv - ok 11:19:13.0001 0x1b6c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:19:13.0044 0x1b6c srv2 - ok 11:19:13.0065 0x1b6c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:19:13.0090 0x1b6c srvnet - ok 11:19:13.0124 0x1b6c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:19:13.0211 0x1b6c SSDPSRV - ok 11:19:13.0227 0x1b6c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:19:13.0289 0x1b6c SstpSvc - ok 11:19:13.0314 0x1b6c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 11:19:13.0325 0x1b6c stexstor - ok 11:19:13.0400 0x1b6c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 11:19:13.0469 0x1b6c stisvc - ok 11:19:13.0505 0x1b6c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum 
C:\Windows\system32\drivers\swenum.sys 11:19:13.0523 0x1b6c swenum - ok 11:19:13.0555 0x1b6c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 11:19:13.0637 0x1b6c swprv - ok 11:19:13.0771 0x1b6c [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 11:19:13.0920 0x1b6c SysMain - ok 11:19:13.0964 0x1b6c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:19:13.0995 0x1b6c TabletInputService - ok 11:19:14.0023 0x1b6c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 11:19:14.0099 0x1b6c TapiSrv - ok 11:19:14.0131 0x1b6c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 11:19:14.0208 0x1b6c TBS - ok 11:19:14.0368 0x1b6c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:19:14.0462 0x1b6c Tcpip - ok 11:19:14.0546 0x1b6c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:19:14.0600 0x1b6c TCPIP6 - ok 11:19:14.0636 0x1b6c [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:19:14.0706 0x1b6c tcpipreg - ok 11:19:14.0737 0x1b6c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:19:14.0795 0x1b6c TDPIPE - ok 11:19:14.0829 0x1b6c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 
4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:19:14.0870 0x1b6c TDTCP - ok 11:19:14.0918 0x1b6c [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:19:14.0945 0x1b6c tdx - ok 11:19:14.0988 0x1b6c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 11:19:15.0002 0x1b6c TermDD - ok 11:19:15.0049 0x1b6c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 11:19:15.0099 0x1b6c TermService - ok 11:19:15.0118 0x1b6c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 11:19:15.0135 0x1b6c Themes - ok 11:19:15.0168 0x1b6c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 11:19:15.0203 0x1b6c THREADORDER - ok 11:19:15.0224 0x1b6c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 11:19:15.0266 0x1b6c TrkWks - ok 11:19:15.0333 0x1b6c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:19:15.0396 0x1b6c TrustedInstaller - ok 11:19:15.0435 0x1b6c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:19:15.0453 0x1b6c tssecsrv - ok 11:19:15.0506 0x1b6c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:19:15.0531 0x1b6c TsUsbFlt - ok 
11:19:15.0609 0x1b6c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:19:15.0667 0x1b6c tunnel - ok 11:19:15.0702 0x1b6c [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 11:19:15.0711 0x1b6c TurboB - ok 11:19:15.0763 0x1b6c [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 11:19:15.0776 0x1b6c TurboBoost - ok 11:19:15.0808 0x1b6c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:19:15.0822 0x1b6c uagp35 - ok 11:19:15.0844 0x1b6c [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 11:19:15.0872 0x1b6c UBHelper - ok 11:19:15.0908 0x1b6c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:19:15.0963 0x1b6c udfs - ok 11:19:16.0006 0x1b6c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:19:16.0034 0x1b6c UI0Detect - ok 11:19:16.0053 0x1b6c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:19:16.0066 0x1b6c uliagpkx - ok 11:19:16.0113 0x1b6c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 11:19:16.0141 0x1b6c umbus - ok 11:19:16.0171 0x1b6c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass 
11:19:16.0748 0x1b6c [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:19:16.0766 0x1b6c USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
11:19:19.0097 0x1b6c Detect skipped due to KSN trusted
11:19:19.0097 0x1b6c USBAAPL64 - ok
C:\Windows\System32\wbiosrvc.dll 11:19:21.0472 0x1b6c WbioSrvc - ok 11:19:21.0522 0x1b6c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:19:21.0564 0x1b6c wcncsvc - ok 11:19:21.0610 0x1b6c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:19:21.0671 0x1b6c WcsPlugInService - ok 11:19:21.0710 0x1b6c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:19:21.0736 0x1b6c Wd - ok 11:19:21.0822 0x1b6c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:19:21.0862 0x1b6c Wdf01000 - ok 11:19:21.0878 0x1b6c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:19:21.0969 0x1b6c WdiServiceHost - ok 11:19:21.0975 0x1b6c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:19:22.0000 0x1b6c WdiSystemHost - ok 11:19:22.0034 0x1b6c [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 11:19:22.0065 0x1b6c WebClient - ok 11:19:22.0102 0x1b6c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:19:22.0156 0x1b6c Wecsvc - ok 11:19:22.0184 0x1b6c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:19:22.0247 0x1b6c wercplsupport - ok 11:19:22.0280 0x1b6c [ 6D137963730144698CBD10F202E9F251, 
A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 11:19:22.0329 0x1b6c WerSvc - ok 11:19:22.0353 0x1b6c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:19:22.0388 0x1b6c WfpLwf - ok 11:19:22.0419 0x1b6c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:19:22.0440 0x1b6c WIMMount - ok 11:19:22.0456 0x1b6c WinDefend - ok 11:19:22.0471 0x1b6c WinHttpAutoProxySvc - ok 11:19:22.0558 0x1b6c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:19:22.0616 0x1b6c Winmgmt - ok 11:19:22.0778 0x1b6c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 11:19:22.0865 0x1b6c WinRM - ok 11:19:22.0943 0x1b6c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:19:22.0960 0x1b6c WinUsb - ok 11:19:23.0007 0x1b6c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:19:23.0047 0x1b6c Wlansvc - ok 11:19:23.0081 0x1b6c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 11:19:23.0095 0x1b6c wlcrasvc - ok 11:19:23.0234 0x1b6c [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:19:23.0331 0x1b6c wlidsvc - ok 11:19:23.0371 0x1b6c [ F6FF8944478594D0E414D3F048F0D778, 
6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:19:23.0401 0x1b6c WmiAcpi - ok 11:19:23.0426 0x1b6c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:19:23.0461 0x1b6c wmiApSrv - ok 11:19:23.0501 0x1b6c WMPNetworkSvc - ok 11:19:23.0529 0x1b6c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:19:23.0591 0x1b6c WPCSvc - ok 11:19:23.0629 0x1b6c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:19:23.0683 0x1b6c WPDBusEnum - ok 11:19:23.0715 0x1b6c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:19:23.0767 0x1b6c ws2ifsl - ok 11:19:23.0817 0x1b6c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 11:19:23.0841 0x1b6c wscsvc - ok 11:19:23.0846 0x1b6c WSearch - ok 11:19:23.0971 0x1b6c [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\Windows\system32\wuaueng.dll 11:19:24.0069 0x1b6c wuauserv - ok 11:19:24.0092 0x1b6c [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:19:24.0141 0x1b6c WudfPf - ok 11:19:24.0212 0x1b6c [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:19:24.0288 0x1b6c WUDFRd - ok 11:19:24.0346 0x1b6c [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc 
C:\Windows\System32\WUDFSvc.dll 11:19:24.0384 0x1b6c wudfsvc - ok 11:19:24.0431 0x1b6c [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll 11:19:24.0479 0x1b6c WwanSvc - ok 11:19:24.0525 0x1b6c ================ Scan global =============================== 11:19:24.0556 0x1b6c [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 11:19:24.0597 0x1b6c [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll 11:19:24.0641 0x1b6c [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll 11:19:24.0674 0x1b6c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 11:19:24.0714 0x1b6c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 11:19:24.0723 0x1b6c [ Global ] - ok 11:19:24.0723 0x1b6c ================ Scan MBR ================================== 11:19:24.0738 0x1b6c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:19:25.0168 0x1b6c \Device\Harddisk0\DR0 - ok 11:19:25.0170 0x1b6c ================ Scan VBR ================================== 11:19:25.0192 0x1b6c [ 9D2C1FA90B86B128C217196DDD43DACD ] \Device\Harddisk0\DR0\Partition1 11:19:25.0225 0x1b6c \Device\Harddisk0\DR0\Partition1 - ok 11:19:25.0243 0x1b6c [ CD98E4D67D49CE0D06F343DD98815AB7 ] \Device\Harddisk0\DR0\Partition2 11:19:25.0271 0x1b6c \Device\Harddisk0\DR0\Partition2 - ok 11:19:25.0293 0x1b6c [ 8B9A595855A0B7F702B90C7FC2474B44 ] \Device\Harddisk0\DR0\Partition3 11:19:25.0295 0x1b6c \Device\Harddisk0\DR0\Partition3 - ok 11:19:25.0298 0x1b6c ================ Scan generic autorun ====================== 11:19:25.0381 
0x1b6c [ 0D6972A795995F07B6D78CA7724744FB, AA5E21F2957CCA7FBB0A2D006054E43BE4992BDEBAAC26A217C741FF36276B1B ] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe 11:19:25.0401 0x1b6c mwlDaemon - ok 11:19:25.0929 0x1b6c [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 11:19:26.0292 0x1b6c RtHDVCpl - ok 11:19:26.0304 0x1b6c ETDWare - ok 11:19:26.0375 0x1b6c [ EADCEB89DD46DA2A5560CA2AF016A6A6, 192EA5F750B6135304984482DC42CD5D9CC08680584C2BC54A3A5578FA275B7E ] C:\Windows\PLFSetI.exe 11:19:26.0394 0x1b6c PLFSetI - ok 11:19:26.0525 0x1b6c [ 3F7CC75C1420D45E16615C3868EBA502, EA97D82C7D91C46AEED5326C695D84AFB1FB622D2D888032929992D482FE0CEF ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 11:19:26.0551 0x1b6c Acer ePower Management - ok 11:19:26.0593 0x1b6c [ 0BBFE08ECCE8A209D07C3B68D63FC293, 0374316F3586D191437F5A54F9A322B3F68002652920477DBCFD48EF049E6F21 ] C:\Windows\system32\igfxtray.exe 11:19:26.0606 0x1b6c IgfxTray - ok 11:19:26.0663 0x1b6c [ 2F16207A65B62001FC73E6798D0B8F2A, 44B3B7E0ED654480EE6CB238976FCDC745BE3EFD7CDC71B262146A4CE63731CD ] C:\Windows\system32\hkcmd.exe 11:19:26.0681 0x1b6c HotKeysCmds - ok 11:19:26.0723 0x1b6c [ B69A01794D44C769C2575AE75E2EB31F, CE19EEA3F738A5F2A2C43EB6699AACB21D798B9649D744FB983868FB3E58E7C1 ] C:\Windows\system32\igfxpers.exe 11:19:26.0740 0x1b6c Persistence - ok 11:19:26.0881 0x1b6c [ DB45D01FB4379346A422C6739FF30723, FBBBDAE8127DE99B8BDFB931FA550139C536C78487542AADF545BD5748F19B76 ] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe 11:19:26.0908 0x1b6c CanonSolutionMenu - ok 11:19:27.0131 0x1b6c [ AC9F294EF500C115709D389779635605, 86EC00A29BC05895CA37350134C83A274D0A862A5487C0B76D7C49CFB435C66F ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 11:19:27.0241 0x1b6c CanonMyPrinter - ok 11:19:27.0391 0x1b6c [ 93291FB908DD865520848663273255C4, CBC59F1B6DF4ACCCA5A4D5E7CA7CFE0B5047D23F198C408B83ADAF3FF7E50062 ] 
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe 11:19:27.0417 0x1b6c AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 ) 11:19:29.0742 0x1b6c Detect skipped due to KSN trusted 11:19:29.0742 0x1b6c AtherosBtStack - ok 11:19:29.0792 0x1b6c [ 9B3DDBF9A68DF6A98085DA401FD8DB5C, 508182D123D00EC26E0C1A35960A0FE0FDC0D972284936206D53985DDE9D9E96 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 11:19:29.0817 0x1b6c AthBtTray - detected UnsignedFile.Multi.Generic ( 1 ) 11:19:32.0141 0x1b6c Detect skipped due to KSN trusted 11:19:32.0142 0x1b6c AthBtTray - ok 11:19:32.0322 0x1b6c [ 9401DC5119D4E64F91CDAD7124C0260A, B762AC2EDDCD159D63495FAFC2226189600243F72B1A968CF40527A0F343A682 ] C:\Program Files\Logitech\SetPointP\SetPoint.exe 11:19:32.0414 0x1b6c EvtMgr6 - ok 11:19:32.0482 0x1b6c [ 9ECF375A6E4E74D056F4B54E76D58721, 29C89504C369CC40BC6BEDE965F52736CB01FA70644059392C912FFB35C4ED0A ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 11:19:32.0495 0x1b6c IAStorIcon - ok 11:19:32.0554 0x1b6c [ AF7DE2922E01EFA48BF5F2A8511CF896, C0488146EC4600DBD9BF35C3C2DAE38714A4AEBB5341539237CAD1B3BBED3051 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe 11:19:32.0572 0x1b6c SuiteTray - ok 11:19:32.0608 0x1b6c [ F255E48EA981E943A14CF16269F3F3AF, DDA7829AE5D4E2EC0CB11581F4CB3AA70366021BFB70B678A54D050F2EEC0F4B ] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe 11:19:32.0619 0x1b6c EgisUpdate - ok 11:19:32.0641 0x1b6c [ 0ADF079D36B2C25E6E9BECE1BD937ACE, E90188F60B942A9A7586E39DDE3871B1ED9D5F4D32AB70297CBE69B465609BEE ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe 11:19:32.0658 0x1b6c EgisTecPMMUpdate - ok 11:19:32.0709 0x1b6c [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe 11:19:32.0720 0x1b6c Adobe Reader Speed Launcher - ok 11:19:32.0771 0x1b6c [ 94F80155B91B8DF7A0EAD527C853D377, 
3E35B686DB526592F2ABF4B3E6EAACE1E784A5552C1CE074E85661388E66C153 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe 11:19:32.0787 0x1b6c BackupManagerTray - ok 11:19:32.0862 0x1b6c [ 38218E47372B77DDB3C9DDD4390CB960, C665FCFE08A4C1F9C3FBA73A220AAB7344C2BF203B62FAB76EF1F659A78F007C ] C:\Program Files (x86)\Launch Manager\LManager.exe 11:19:32.0893 0x1b6c LManager - ok 11:19:33.0008 0x1b6c [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 11:19:33.0049 0x1b6c Adobe ARM - ok 11:19:33.0105 0x1b6c [ 916A2C4EB028604783FD5EA169236C1D, C97DAA1BE5C912DDCEDBA7619631BB98F4A9B32B1E40C5374A64E25305E0A1C4 ] C:\Program Files (x86)\QuickTime\QTTask.exe 11:19:33.0121 0x1b6c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 11:19:43.0209 0x1b6c QuickTime Task ( UnsignedFile.Multi.Generic ) - warning 11:19:47.0676 0x1b6c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 11:19:47.0762 0x1b6c Sidebar - ok 11:19:47.0793 0x1b6c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 11:19:47.0824 0x1b6c mctadmin - ok 11:19:47.0902 0x1b6c [ 00953F2E02B28E806CA3993DEA06D0C3, 74E42948C14FC89CC04FEAF67F194B616075809827C87D04FA468FF6C7E2F743 ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe 11:19:47.0916 0x1b6c ScrSav - ok 11:19:48.0016 0x1b6c [ 2481529EC3A9A030481545B70B119CCB, 8997D74A136EFB358F6E280D2A290D9CA6D70F4E47CFD88E757595A1D6CE559E ] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe 11:19:48.0051 0x1b6c NokiaSuite.exe - ok 11:19:48.0171 0x1b6c Lync - ok 11:19:48.0299 0x1b6c [ 4AA072441C3557BBA9AD18A1CE283525, 6D67CB98877AF3F16E43F576B6F7DD01686E64F8D833FC9EF258D93ADD128937 ] 
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe 11:19:48.0341 0x1b6c FlashPlayerUpdate - ok 11:19:48.0395 0x1b6c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 11:19:48.0434 0x1b6c Sidebar - ok 11:19:48.0449 0x1b6c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 11:19:48.0466 0x1b6c mctadmin - ok 11:19:48.0490 0x1b6c [ 00953F2E02B28E806CA3993DEA06D0C3, 74E42948C14FC89CC04FEAF67F194B616075809827C87D04FA468FF6C7E2F743 ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe 11:19:48.0501 0x1b6c ScrSav - ok 11:19:48.0503 0x1b6c Waiting for KSN requests completion. In queue: 8 11:19:49.0503 0x1b6c Waiting for KSN requests completion. In queue: 8 11:19:50.0503 0x1b6c Waiting for KSN requests completion. In queue: 8 11:19:51.0054 0x11a8 Object required for P2P: [ 4AA072441C3557BBA9AD18A1CE283525 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe 11:19:51.0503 0x1b6c Waiting for KSN requests completion. In queue: 1 11:19:52.0503 0x1b6c Waiting for KSN requests completion. In queue: 1 11:19:53.0503 0x1b6c Waiting for KSN requests completion. 
11:19:53.0589 0x11a8 Object send P2P result: true
11:19:54.0556 0x1b6c AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
11:19:54.0570 0x1b6c FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
11:19:57.0034 0x1b6c ============================================================
11:19:57.0034 0x1b6c Scan finished
11:19:57.0034 0x1b6c ============================================================
11:19:57.0046 0x228c Detected object count: 1
11:19:57.0047 0x228c Actual detected object count: 1
11:20:53.0699 0x228c QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:53.0700 0x228c QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.01.2016, 12:58 | #6 |
/// TB Trainer /// Tutorial Guru | Fraud through online purchases: malware present despite Kaspersky? No, no rootkit was found. An unsigned file was found, which is harmless. Yes, the scans are meant to rule out malware. I don't think the computer is infected. At least, I only see a remnant of the earlier infection. Now please run a detection scan: Step 1 ESET Online Scanner |
24.01.2016, 16:35 | #7 |
| Hello Jürgen, attached is the code: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b954a8c1eab9d746aa321ed79a3309f7
# end=init
# utc_time=2016-01-23 01:04:10
# local_time=2016-01-23 02:04:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27780
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b954a8c1eab9d746aa321ed79a3309f7
# end=updated
# utc_time=2016-01-23 01:05:59
# local_time=2016-01-23 02:05:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b954a8c1eab9d746aa321ed79a3309f7
# engine=27780
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-23 03:20:10
# local_time=2016-01-23 04:20:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 82212 85040432 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 16119 205192260 0 0
# scanned=280949
# found=15
# cleaned=0
# scan_time=8049
sh=1DBF1556C82A78CA45882E66DD83C0A977BF8D23 ft=1 fh=328989ef9803066c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=C5883F4245AE2C0515FB1D04A08FD82885B06398 ft=1 fh=8d649859311d4519 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=EA186A56E0445AF8E5F382F56F42F91682CFED3B ft=1 fh=875c743a5b727b00 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=9E90A050EB0BB1CEAB5633BCE404E5D5BC307647 ft=1 fh=2563181150dc44ea vn="Win32/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=16CF5D6E11C0F55548A67B8B5D04FA3460C76A2D ft=1 fh=7418003a088e68c3 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=C03584BE4ED7835858158D1C38D6B08317E2FC82 ft=1 fh=a96a1125b953bd6a vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=67642DACDC22ED45AF7947E4F47B1B8463E4162C ft=1 fh=b08cc40f36e9035a vn="Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DENIZE~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=81A5DCBFE2305D75EB40667E482150411E20502A ft=1 fh=b359010d72815e29 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\dmwu.exe.vir"
sh=DEF60FE302E425147F0888F0DA34D646FE7D348D ft=1 fh=f334bd1e4085a8cf vn="Win32/SweetIM.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=F0B9C98931834EDF8D76DF0BDECDBCB0AFAB7814 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\pnte.crx.vir"
sh=3921B3425C5C561B5478A3ABBBD49C11775A0882 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\SweetNT.crx.vir"
sh=E01997C8AE459900D50BB3C3E2A052EBEAC2A8BF ft=1 fh=5755411f8f977445 vn="Win32/Adware.1ClickDownload.AN Anwendung" ac=I fn="C:\_OTL\MovedFiles\06142013_181310\C_$Recycle.Bin\S-1-5-21-4096825229-3460207125-1897423740-1001\$R7X2LJB.exe"
sh=83F7491AAA9DAF73337CC0B2D13A40EFD4C19339 ft=1 fh=7fcedeea9049f953 vn="Win32/TopMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\_OTL\MovedFiles\06142013_181310\C_$Recycle.Bin\S-1-5-21-4096825229-3460207125-1897423740-1001\$R9CR11A.exe" |
24.01.2016, 21:00 | #8 |
/// TB Trainer /// Tutorial Guru | No malware found. I assume that your login data was obtained some other way. Have there been any further problems since the password changes?
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
25.01.2016, 08:35 | #9 |
| Hello Jürgen, first of all, thank you very much for your work. The passwords were reset on 09.01. The last order in an online shop was on 18.01. It could also be, though, that the perpetrators simply took that long. Can you trace who hacked into the eBay and email accounts? In whatever form? |
25.01.2016, 19:41 | #10 | ||
/// TB Trainer /// Tutorial Guru | Quote:
Furthermore, there must be a recipient name for the items. Quote: |
25.01.2016, 19:56 | #11 |
| Hello Jürgen, the police reports were filed long ago. At this point I was only concerned with the source of the trouble. But if the computer is clean, then a lot has already been gained. Thank you very much once again. Regards, Aircan |
25.01.2016, 19:58 | #12 |
/// TB Trainer /// Tutorial Guru | OK. For the cleanup, please provide fresh FRST logs once more. Step 1 Please start FRST again, also tick the checkbox and click "Untersuchen" (Scan). Please post the contents of both logs that are created. |
27.01.2016, 19:44 | #13 |
| Hello Jürgen, attached is the FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016 durchgeführt von ***** (Administrator) auf AIRCAN (27-01-2016 19:41:33) Gestartet von C:\Users\*****\Desktop Geladene Profile: ***** & UpdatusUser (Verfügbare Profile: ***** & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2011-03-16] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\office16\lync.exe [22496448 2016-01-16] (Microsoft Corporation)
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-21-4096825229-3460207125-1897423740-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-4096825229-3460207125-1897423740-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [453152 2009-12-24] ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-01-16]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{00C56E12-8C89-4B2C-B0BC-15642B558B78}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-4096825229-3460207125-1897423740-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4096825229-3460207125-1897423740-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-16] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-01-16] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-16] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.spiegel.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4096825229-3460207125-1897423740-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-19] [ist nicht signiert]
FF Extension: AutoCopy 2 - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\autocopy2@teo.pl.xpi [2015-05-31]
FF Extension: Tab Mix Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-01-18]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\extensions\https-everywhere-eff@eff.org [2016-01-18]
FF Extension: YouTube mp3 - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\Extensions\info@youtube-mp3.org.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xhezemyj.default-1432648771564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [ist nicht signiert]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-01-29] <==== ACHTUNG

Chrome:
=======
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google Cast) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-11]
CHR Extension: (Google Tabellen) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-01-11]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]
CHR Extension: (Anti-Banner) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-11]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [Datei ist nicht signiert]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
S3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2014-01-31] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-27 19:40 - 2016-01-27 19:41 - 00029134 _____ C:\Users\*****\Desktop\FRST.txt
2016-01-27 19:39 - 2016-01-27 19:39 - 02370560 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2016-01-23 11:17 - 2016-01-23 14:00 - 00225018 _____ C:\TDSSKiller.3.1.0.9_23.01.2016_11.17.35_log.txt
2016-01-22 18:23 - 2016-01-22 18:23 - 00032642 _____ C:\ComboFix.txt
2016-01-22 17:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-22 17:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-22 17:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-22 17:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-22 17:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-22 17:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-22 17:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-22 17:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-22 17:53 - 2016-01-22 18:24 - 00000000 ____D C:\Qoobox
2016-01-22 17:52 - 2016-01-22 18:19 - 00000000 ____D C:\Windows\erdnt
2016-01-21 18:22 - 2016-01-27 19:41 - 00000000 ____D C:\FRST
2016-01-16 19:32 - 2016-01-16 19:32 - 00002216 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00002145 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00002145 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ___RD C:\Users\*****\OneDrive
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-16 19:32 - 2016-01-16 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-01-16 19:17 - 2016-01-16 19:17 - 00000000 ____D C:\Users\*****\Documents\OneNote-Notizbücher
2016-01-16 19:10 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-16 19:10 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-16 19:03 - 2016-01-16 19:47 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-16 19:03 - 2016-01-16 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-01-16 19:01 - 2016-01-16 19:09 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 18:59 - 2016-01-16 18:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-13 17:52 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 17:52 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 17:52 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 17:52 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 17:52 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 17:52 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 17:52 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 17:52 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 17:52 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 17:52 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 17:52 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 17:52 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 17:52 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 17:52 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 17:52 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 17:52 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 17:52 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 17:52 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 17:52 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 17:52 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 17:52 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 17:52 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 17:52 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 17:52 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 17:52 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 17:52 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 17:52 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 17:52 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 17:52 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 17:52 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 17:52 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 17:52 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 17:52 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 17:52 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 17:52 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 17:52 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 17:52 - 2015-12-12 18:28 - 00476160 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-13 17:52 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 17:52 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-13 17:52 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-13 17:52 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-13 17:52 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-13 17:52 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-13 17:52 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 17:52 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-13 17:52 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 17:52 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-13 17:52 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-13 17:52 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 17:52 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-13 17:52 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-13 17:52 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-13 17:52 - 2015-12-12 18:02 - 00230400 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 17:52 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-13 17:52 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 17:52 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-13 17:52 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-13 17:52 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-13 17:52 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-13 17:52 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-13 17:52 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-13 17:52 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 
2016-01-13 17:52 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-13 17:52 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-13 17:52 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-01-13 17:52 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-13 17:52 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-13 17:52 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-13 17:52 - 2015-12-08 
20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00223744 _____ (Microsoft 
Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-13 17:52 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-13 17:52 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-13 17:52 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-13 17:52 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-13 17:52 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-13 17:52 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-13 17:52 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-13 17:52 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-13 17:52 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-13 17:52 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-13 17:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-13 17:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-13 17:52 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-13 17:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mapistub.dll 2016-01-13 17:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-13 17:52 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 17:51 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-13 17:51 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-13 17:51 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-13 17:51 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-13 17:47 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-13 17:47 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-13 17:47 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-13 17:47 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-13 17:47 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) 
C:\Windows\system32\srcore.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-13 17:47 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-13 17:47 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-13 17:47 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-13 17:47 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-13 17:47 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-13 17:47 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-13 17:47 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 17:47 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 17:47 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-13 17:47 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-13 17:47 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-13 17:47 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-13 17:47 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-13 17:47 - 
2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 17:47 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-13 17:47 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 17:47 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-13 17:47 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-13 17:47 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-13 17:47 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-13 17:47 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-13 17:47 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-13 17:47 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-13 17:47 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-13 17:47 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-13 17:47 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-13 17:47 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-01-13 17:47 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe 2016-01-13 17:47 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-13 17:46 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-13 17:46 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-13 17:46 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-13 17:46 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 17:46 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00625848 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00381128 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00323792 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2016-01-07 09:26 - 2016-01-07 09:26 - 00079544 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00430264 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00257736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00234192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll 2016-01-07 07:34 - 2016-01-07 07:34 - 00075960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-27 19:20 - 2011-06-19 14:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-27 18:27 - 2011-05-20 19:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-01-27 18:07 - 2011-06-19 14:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-27 18:01 - 2012-03-08 19:22 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini 2016-01-24 16:40 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-24 16:40 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-24 16:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-22 18:08 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2016-01-22 18:08 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2016-01-22 18:01 - 2011-03-16 10:52 - 00000000 ____D C:\ProgramData\Temp 2016-01-18 18:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-01-17 11:26 - 2011-03-16 19:19 - 01111902 _____ C:\Windows\system32\perfh007.dat 2016-01-17 11:26 - 2011-03-16 19:19 - 00275748 _____ C:\Windows\system32\perfc007.dat 2016-01-17 11:26 - 2009-07-14 06:13 - 00005478 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-17 11:25 - 2012-11-05 13:02 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 
2016-01-17 11:25 - 2011-05-20 20:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-17 11:20 - 2009-07-14 05:45 - 00433592 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-17 11:11 - 2011-03-16 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-01-16 19:32 - 2011-05-20 19:21 - 00000000 ____D C:\Users\***** 2016-01-16 19:29 - 2011-05-20 19:22 - 00114184 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-16 19:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-16 19:01 - 2011-07-18 19:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client 2016-01-16 18:59 - 2014-04-02 18:37 - 00017856 _____ C:\Users\*****\Desktop\Erwerbsminderung.xlsx 2016-01-16 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-01-14 18:32 - 2013-08-14 21:00 - 00000000 ____D C:\Windows\system32\MRT 2016-01-14 18:20 - 2011-05-29 11:20 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-07-05 22:11 - 2011-07-05 22:11 - 0000000 _____ () C:\Users\*****\AppData\Local\{9222BA30-9142-431B-9F67-297488ED8E4B} 2010-11-17 14:30 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: ==================== C:\Users\*****\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-01-22 19:12

==================== Ende von FRST.txt ============================

and the Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-01-2016
durchgeführt von ***** (2016-01-27 19:42:18)
Gestartet von C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-20 18:21:31)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-4096825229-3460207125-1897423740-500 - Administrator - Disabled)
***** (S-1-5-21-4096825229-3460207125-1897423740-1001 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-4096825229-3460207125-1897423740-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4096825229-3460207125-1897423740-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4096825229-3460207125-1897423740-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.199.107 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.199.107 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) 
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version: - ) Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) comdirect BörsenTicker (HKLM-x32\...\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1) (Version: 1.0.2 - comdirect Bank AG) comdirect BörsenTicker (x32 Version: 1.0.2 - comdirect Bank AG) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) 
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.42 - ifos GmbH) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GOTO PPL (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) 
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.6366.2056 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 39.0.3 (x86 de) 
(HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla) Mozilla Thunderbird (3.1.16) (HKLM-x32\...\Mozilla Thunderbird (3.1.16)) (Version: 3.1.16 (de) - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia) Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA 3D Vision Controller Driver 270.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.47 - NVIDIA Corporation) NVIDIA Grafiktreiber 270.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.51 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component 
(Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden SopCast 3.4.7 (HKLM-x32\...\SopCast) (Version: 3.4.7 - www.sopcast.com) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Stellarium 0.13.1 (HKLM\...\Stellarium_is1) (Version: 0.13.1 - Stellarium team) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Unity Web Player (HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3101 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) 
(Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1CF9BBAB-D682-476D-9B91-BCD85E91EE15} - System32\Tasks\{0533D42C-8ABE-46A6-AA03-728BCBDF624C} => pcalua.exe -a "C:\Users\*****\Downloads\powersetup.exe" -d "C:\Users\*****\Downloads" Task: {39C5980B-1207-4251-BDAB-DEC319E2B348} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) 
Task: {486CF296-ED15-414D-A117-A23668C801C4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5B461691-1AFA-4CC3-8425-3BF92BEAED75} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation) Task: {5CD3BDBE-5133-4969-B042-27B85E992419} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-16] (Microsoft Corporation) Task: {8B6564E5-1A9D-4AF5-9895-6CC28EE3A2D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-16] (Microsoft Corporation) Task: {B44E1771-CCB5-432D-9756-90CC57A4A065} - System32\Tasks\{DCB06C5D-90A8-4F30-A8F4-8CDF6249C24A} => pcalua.exe -a "C:\Users\*****\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {CDA904E5-D875-43FD-9A72-6D998499C9B2} - \SidebarExecute -> Keine Datei <==== ACHTUNG Task: {D07195FF-EA61-4009-8055-99B4CB519803} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-06-08 20:35 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2011-03-16 10:47 - 2011-03-16 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2016-01-16 18:59 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00033120 _____ () C:\Program Files 
(x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2014-11-11 09:21 - 2014-11-11 09:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2014-11-11 09:21 - 2014-11-11 09:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2014-11-19 11:47 - 2014-11-19 11:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2014-11-19 11:46 - 2014-11-19 11:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2014-11-19 11:48 - 2014-11-19 11:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-11-17 13:47 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-10-19 15:18 - 2014-10-19 15:18 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2010-11-17 14:18 - 2010-04-13 18:52 - 00058880 
_____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00848536 _____ () C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00161944 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2011-05-20 21:31 - 2011-11-12 23:23 - 00021656 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2016-01-17 11:25 - 2016-01-17 11:25 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2016-01-22 18:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-4096825229-3460207125-1897423740-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{21287B91-C4A6-49EB-A1D9-ABDF30DA2211}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{1CC30A01-172A-4864-97E2-B6F61390A76F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{50A792E6-7C82-4859-8E34-89FB308C052B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{BA9A8FBB-9A4E-4F77-9D49-4D11A6F9AEB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DC92FC67-9BBB-4E23-B547-A7791BC72FDD}] => (Allow) LPort=2869 FirewallRules: [{EB9D1176-7058-4411-9369-F07BAE4FBF34}] => (Allow) LPort=1900 FirewallRules: [{A5E29AB8-AC8F-41A0-B225-7C2BAB3FC895}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{86D65BE1-26B9-434B-808F-C3205FA5C054}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{8BA3D7CD-5A18-4087-8A9F-32F0825473D2}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{D7F35CC7-8869-47B8-8036-12B4C8F92798}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [{5879C5D2-27FC-4ED4-8C58-39E3A40056D0}] => (Allow) 
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{EE37404B-3018-4CA4-A76D-6E710590D730}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{01FD0687-C125-441D-9C7A-C161F41B5EB5}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{5CCE5E9C-F179-443B-BF4A-E6C4E3E460BC}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{B30FFEB5-8E2B-4C8B-BE4E-0C49EEAB7E68}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{7DFD1E81-4947-4959-A9FE-59762BFD055C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{D1192789-5502-49B3-8A91-123256683D84}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{45300B6D-885E-4F2F-ACD3-F3AE64559087}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{71344E20-B3F8-4A64-9CF5-4E90003B2924}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{C6CCCB20-A48A-4CE3-9B7D-C77373DC3E0C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{3B19E3AA-FA98-4ACA-B8A2-E85DB31C7DBE}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6E426B5B-6F8F-4A88-920A-20F02F97E571}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{464CFB5A-4FBD-4BF4-A2EB-BBB72466E6AA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{E9D9A7ED-15BF-42A2-A642-F935CE8C51EF}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{DB9C9685-1A36-477F-91B1-5AD653B0CDDE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{5A0D79C7-6EE3-4828-A217-5579F7CD9944}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{52439C7E-C392-4C29-9695-56572610CE93}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{2E079CF7-E7BD-43FF-96FA-D36989DC142B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{9A297087-368B-4D87-9EFA-4D9853F5C37C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
FirewallRules: [{35781120-05C9-4458-8627-7B7DB874CCFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FA599545-B53B-4514-817A-1E5F9D2E6CFB}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{F1317FB7-42C9-453E-A01D-65C7461E4EAD}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [{DC264DB0-649D-494C-96CA-E4B7CBD01765}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{B7A788AB-F62E-4702-A2A8-8D7AA9C800AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{74984EFF-5E4C-46E5-91AC-FFA18E1002E2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{F1977ED9-8742-4118-ACDD-7477813E31A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{3BDD5CB6-E49C-4CBC-92DA-DD92EE5A6BB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{F2F9B5AA-A61B-47F0-B4E2-CC004A14EFAC}] => (Allow) C:\Users\*****\AppData\Local\Microsoft\OneDrive\OneDrive.exe ==================== Wiederherstellungspunkte ========================= 12-01-2016 11:35:52 Windows Update 14-01-2016 18:15:07 Windows Update 15-01-2016 18:51:22 Windows Update 16-01-2016 19:10:19 Windows Update 22-01-2016 17:54:24 ComboFix created restore point 23-01-2016 11:16:47 Windows Update 27-01-2016 18:13:49 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/27/2016 07:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 3.3.14.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 191c Startzeit: 01d159321e2a1cf7 Endzeit: 4 Anwendungspfad: C:\Users\*****\Desktop\FRST64.exe Berichts-ID: 8bf7ac4a-c525-11e5-8ab3-1c7508cd9b58 Error: (01/27/2016 06:02:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/24/2016 05:46:36 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". 
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/23/2016 02:16:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/23/2016 02:00:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/23/2016 02:00:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/23/2016 02:00:11 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/22/2016 07:11:21 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/18/2016 05:56:49 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (01/17/2016 11:26:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Systemfehler: ============= Error: (01/24/2016 04:34:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (01/23/2016 02:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/23/2016 02:05:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\DENIZE~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/23/2016 02:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/23/2016 02:05:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\DENIZE~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/23/2016 02:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/23/2016 02:05:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\DENIZE~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (01/23/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/23/2016 02:04:46 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\DENIZE~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/23/2016 02:04:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 CodeIntegrity: =================================== Date: 2016-01-22 18:04:32.381 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-01-22 18:04:32.282 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-21 11:57:50.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-03-21 11:57:50.122 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.119 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.099 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.096 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-21 11:57:50.093 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.563 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-17 19:44:18.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 7862.71 MB
Verfügbarer physikalischer RAM: 5055.75 MB
Summe virtueller Speicher: 15723.62 MB
Verfügbarer virtueller Speicher: 12043.45 MB

==================== Laufwerke ================================

Drive c: (Windows und Programme) (Fixed) (Total:256.35 GB) (Free:153.24 GB) NTFS
Drive d: (Musik und Bilder) (Fixed) (Total:195.31 GB) (Free:58.15 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F3C06F04)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=256.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================
28.01.2016, 20:59 | #14 |
/// TB Trainer /// Tutorial Guru | Fraud through online purchases: malware present despite Kaspersky?

Please update your Flash Player versions and uninstall Java. If needed, replace it with the current version.

We did it! The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.

Cleanup: (The order is crucial here)

If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can delete them without hesitation.

Hardening:

On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its most recent version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities (e.g. here) in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and a signature database that is always up to date. My purchase recommendation:

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:

NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can specify, on the whitelist principle, on which sites scripts are to be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick the box for all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, it is advisable first to uninstall it and then to remove the leftovers with Adwcleaner.

Finally, a few general remarks:

Change your important online passwords regularly, and regularly create backups of your important files or of the system.

The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.

__________________
Regards, deeprybka
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer