|
Neuer Postbank Trojaner. Wie muss ich vorgehen? Hallo , Donnerstag morgens loggte ich ins Postbankonlinebanking. Als erstes kam vor dem Hintergrund eine Meldung: Zollamt hat Ihnen aus Versehen 1500 € gut geschrieben. Bitte veranlassen sie eine Rücksendung. Sollte es nicht funktionieren, werden Sie ein Schreiben erhalten und sie nachträglich in einer Ihrer Filiale sie veranlassen. Zwei Kasten waren zu klicken: Rücksendung und Kontoübersicht Ich ging zur Kontoübersicht, sah tatsächich 1500 Euro gutgeschrieben. Merkwürdig war jedoch, dass ich auf dieser Seite nichts bewegen könnte. Ich wollte was überweisen, ging nicht, ebenso rückwirkend Umsatz einsehen. Da wurde ich stutzig und ging daraufhin zur Postbank. Mit Erstaunen zeigte mir die Beraterin ihr Bildschirm. Es kam keine 1500 Euro, weder noch eine Meldung. Sie rief überall an und bekam die Mitteilung dass es sich um ein Trojaner handelt. Mein Konto wurde gesperrt und ich erhalte neue Pin. Außerdem sollte ich mein Pc reinigen lassen von einem Fachmann. Sonst kommt es erneut. Wer hat die gleiche Erfahrung gemacht und kann mir den Tipp geben, den Trojaner selbst zu reinigen? Habe bisher nichts unternommen. Schon mal vielen Dank für Eure Tipps. :abklatsch: |
:hallo: Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst. Los geht's: Schritt 1 http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
hoffe hab richtig reingetan Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01 Ran by Visuellspektrum B.E at 2014-11-09 22:39:00 Running from C:\Users\Visuellspektrum B.E\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - ) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-9450CDN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Brother MFL-Pro Suite MFC-J265W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell) Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.) Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation) Dell Dock (Version: 2.0 - Stardock Corporation) Hidden Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell System Detect (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KidiArt Studio (HKLM-x32\...\{8ECEBE50-337B-4C8A-B275-667A02E0130A}) (Version: 1.0.0.0 - VTech) KidiArt Studio (x32 Version: 1.0.0.0 - VTech) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office on Demand-Browser-Add-Ons (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Microsoft Office on Demand-Browser-Add-Ons) (Version: 15.0.4535.1511 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Word 2007 (HKLM-x32\...\WordR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.) myMMX (HKLM-x32\...\myMMX) (Version: - nWise AB) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5939 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.) Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C0700}) (Version: 12.7.0.2447 - APN, LLC) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Paper Ball version 1.0_c_035 (HKLM-x32\...\Paper Ball_is1) (Version: 1.0_c_035 - ) PaperBall (HKLM-x32\...\{6fa59ebe-0bec-4e52-af59-4bd1b4687002}) (Version: 1.0.0.0 - Covus Freemium GmbH) PaperBall (x32 Version: 1.0.0.0 - Covus Freemium) Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) SRWare Iron Version SRWare Iron 26.0.1450.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 26.0.1450.0 - SRWare) Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24322 - TeamViewer) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WordR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - ) VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Web Check (HKLM-x32\...\Web Check) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Utils (HKLM-x32\...\Windows Utils) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{225F8CFE-1B76-48E6-8E75-62CC471AFA28}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\RoamingOfficeActiveX.64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05498078-136D-4F35-B169-42B207F39D07} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.) Task: {08911BB1-4822-40E7-A473-BBE5D8B068CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {140F04A5-AEF4-428E-868E-2D03135FAE14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.) Task: {1528A455-EBA0-4C4A-A875-294579BE9113} - System32\Tasks\{0D1A39DC-E792-449E-8A63-1A85953215EB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.108&LastError=12002 Task: {2FD005E4-3B21-4590-B3D6-229E8BBA48E1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.) Task: {3550D332-EBA4-44F3-BFF2-666C7A8C7F48} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.) Task: {4454CA92-4668-47C3-B347-333E744B4928} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.) Task: {4CD8B1B8-C3C9-4968-8B84-6516F7247D5D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation) Task: {51E9BB0C-7089-463B-B1A5-F0E42D371C47} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.) Task: {53983F00-8D40-42CE-8298-8DF16ED244D9} - System32\Tasks\{104AF432-7622-45A2-9394-85C7F008C5C8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {559E93D5-B078-415B-AD8C-EB7F892DD4FD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {6EE451AE-D401-4B5E-8AA2-F693CCCD9444} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] () <==== ATTENTION Task: {7F332AF6-61AA-439B-A4B0-3A0ED31AF8D1} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Visuellspektrum B.E\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {88CC6FAA-9885-41C8-A490-21E913FE0F1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {8A66D5D7-9CDC-45BC-80B0-B7044988B223} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] () <==== ATTENTION Task: {9228E0AA-B5DB-4937-88CE-C97B3E9EC36E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.) Task: {98D8593C-379B-4096-829F-65C8DFA72052} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {BEFB611B-55EB-435C-8169-C7972C6EDC04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.) Task: {C04ECBDF-0594-4C62-B596-93F97636FEF6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.) Task: {FA62A255-341F-4C55-A389-A084AB793874} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-03-19 07:29 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe 2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-01-04 01:56 - 2010-09-24 17:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe 2014-10-17 12:36 - 2014-10-17 12:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\602ab9ddf3440af31bb4c168b59f2ba5\VistaBridgeLibrary.ni.dll 2013-04-23 18:43 - 2005-04-22 12:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll 2014-10-17 12:32 - 2014-10-17 12:32 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2011-01-04 01:54 - 2010-03-04 03:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll 2011-01-04 01:58 - 2010-08-12 01:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2011-06-09 23:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-08-16 14:13 - 2007-05-24 03:57 - 00094208 _____ () c:\program files (x86)\common files\aol\1376658552\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll 2014-10-28 23:58 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-28 23:58 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-28 23:58 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-28 23:58 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2014-10-28 23:58 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CommunityTray => "C:\Program Files (x86)\VTech\Community\System\Startup.exe" MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: Facebook Update => "C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: iTunesHelper => "C:\iTunesHelper.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Tango => C:\Program Files (x86)\Tango\Tango.exe -r MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot ========================= Accounts: ========================== Administrator (S-1-5-21-4203832084-4009304635-2263003785-500 - Administrator - Disabled) Andere User (S-1-5-21-4203832084-4009304635-2263003785-1003 - Limited - Enabled) => C:\Users\Andere User Gast (S-1-5-21-4203832084-4009304635-2263003785-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-4203832084-4009304635-2263003785-1002 - Limited - Enabled) Visuellspektrum B.E (S-1-5-21-4203832084-4009304635-2263003785-1000 - Administrator - Enabled) => C:\Users\Visuellspektrum B.E ==================== Faulty Device Manager Devices ============= Name: WAN Miniport (ATW) #2 Description: WAN Miniport (ATW) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: America Online, Inc. Service: wanatw Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/09/2014 10:18:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d Name des fehlerhaften Moduls: waol.dll, Version: 9.5.0.1, Zeitstempel: 0x46554579 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001a6a3 ID des fehlerhaften Prozesses: 0x990 Startzeit der fehlerhaften Anwendung: 0xwaol.exe0 Pfad der fehlerhaften Anwendung: waol.exe1 Pfad des fehlerhaften Moduls: waol.exe2 Berichtskennung: waol.exe3 Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) Error: (11/09/2014 09:44:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002) System errors: ============= Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 35 Mal passiert. Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%2 Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 34 Mal passiert. Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%2 Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 33 Mal passiert. Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%2 Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 32 Mal passiert. Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%2 Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 31 Mal passiert. Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%2 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz Percentage of memory in use: 59% Total physical RAM: 4028.38 MB Available physical RAM: 1644.75 MB Total Pagefile: 8054.94 MB Available Pagefile: 5341.05 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:506.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: ECE692C6) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01 |
OK bitte die FRST.txt auch noch in Code-Tags posten... :) |
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01 Ran by Visuellspektrum B.E (administrator) on VISUELLSPEKTRUM on 09-11-2014 22:36:55 Running from C:\Users\Visuellspektrum B.E\Desktop Loaded Profile: Visuellspektrum B.E (Available profiles: Visuellspektrum B.E & Andere User & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe (Dell) C:\Users\Visuellspektrum B.E\AppData\Local\Apps\2.0\4Y2M6VA0.Z2E\0X0RCQQN.7AZ\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Windows Net) C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (America Online, Inc.) C:\Program Files (x86)\Common Files\AOL\1376658552\ee\aolsoftware.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Apple Inc.) C:\iTunesHelper.exe (APN LLC.) C:\Users\Visuellspektrum B.E\AppData\Local\VNT\vntldr.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [friends] => C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\root_ca.exe [289792 2014-10-28] (Firetrust) HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1376658552\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.) HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC) HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [DellSystemDetect] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [uqdfumrw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe [103424 2014-10-14] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tionkcrz] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe [103424 2014-10-15] (CJSC "Computing Forces") <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ifoxxwzr] => C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik\thhsexwzr.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tfwywndb] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq\ierwweewndb.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [liyezfcu] => C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs\ebxecdxzfcu.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [hffgquir] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Gamxoeew\uqrfiquir.exe <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [xlazimaw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Woiadfgj\pwarfaimaw.exe [92160 2014-11-07] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [explorer64login] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Explorer64\explorer64login.exe [100352 2014-11-08] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [win] => C:\Users\Visuellspektrum B.E\AppData\Local\Win\win.exe [100352 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [chrome64wave] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Chrome64\chrome64wave.exe [72704 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [system64-print32] => C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe [100352 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [perl32runner32] => C:\Users\Visuellspektrum B.E\AppData\Local\Perl32\perl32runner32.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vis |
Schritt 1 http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs. Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
komme leider nicht durch, habs...aber trojaner board sperrte wegen den seitenaufrufe...blabla..und ich habe dem admin angeschrieben..soll ich es hier privat machen? |
Hä? Bitte was? |
mein beitrag wird nicht weitergeleitet. sperre bekommen wegen zuviele seitenaufrufe??? Code: Ihr Seitenaufruf konnte aufgrund eines fehlenden Securitytokens nicht verarbeitet werden.Ran by Visuellspektrum B.E (administrator) on VISUELLSPEKTRUM on 09-11-2014 22:36:55 Running from C:\Users\Visuellspektrum B.E\Desktop Loaded Profile: Visuellspektrum B.E (Available profiles: Visuellspektrum B.E & Andere User & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe (Dell) C:\Users\Visuellspektrum B.E\AppData\Local\Apps\2.0\4Y2M6VA0.Z2E\0X0RCQQN.7AZ\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Windows Net) C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (America Online, Inc.) C:\Program Files (x86)\Common Files\AOL\1376658552\ee\aolsoftware.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Apple Inc.) C:\iTunesHelper.exe (APN LLC.) C:\Users\Visuellspektrum B.E\AppData\Local\VNT\vntldr.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [friends] => C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\root_ca.exe [289792 2014-10-28] (Firetrust) HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1376658552\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.) HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC) HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [DellSystemDetect] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [uqdfumrw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe [103424 2014-10-14] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tionkcrz] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe [103424 2014-10-15] (CJSC "Computing Forces") <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ifoxxwzr] => C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik\thhsexwzr.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tfwywndb] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq\ierwweewndb.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [liyezfcu] => C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs\ebxecdxzfcu.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [hffgquir] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Gamxoeew\uqrfiquir.exe <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [xlazimaw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Woiadfgj\pwarfaimaw.exe [92160 2014-11-07] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [explorer64login] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Explorer64\explorer64login.exe [100352 2014-11-08] () <===== ATTENTION HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [win] => C:\Users\Visuellspektrum B.E\AppData\Local\Win\win.exe [100352 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [chrome64wave] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Chrome64\chrome64wave.exe [72704 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [system64-print32] => C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe [100352 2014-11-08] () HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [perl32runner32] => C:\Users\Visuellspektrum B.E\AppData\Local\Perl32\perl32runner32.exe HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86!6.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86!6.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation) FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86!6.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net) Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2 SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default FF NewTab: about:blank FF DefaultSearchEngine: Conduit Search FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms} FF SelectedSearchEngine: Conduit Search FF Homepage: about:home FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vis |
:wtf: Naja. Du musst mir das FRST.txt hier posten. |
oben eingefügt...schwitz...richtig? richtig? hats geklappt? |
Zitat:
Das Log ist nicht vollständig. Du solltest Dir außerdem überlegen ob Du nicht besser neuinstallieren willst. Scheinbar machst Du ja Online-Banking mit dem PC. Das ist nämlich Deine Entscheidung. Passwörter usw. hast Du ja hoffentlich von einem anderen PC aus schon geändert oder? Mach das bitte auf jeden Fall: Bitte lasse die Datei aus der Code-Box bei http://deeprybka.trojaner-board.de/b...virustotal.png überprüfen.
Mach das bitte mit denen hier auch (würde mich interessieren was da alles läuft.) Code: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe |
C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik\thhsexwzr.exe existiert nicht :pfeiff: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe Der ja: https://www.virustotal.com/de/file/b8952d493910732764cb6843e9a780e92293addbb624f0f938aada67761589a9/analysis/1415578509/ C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq\ierwweewndb.exe existiert nicht C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs\ebxecdxzfcu.exe existiert auch nicht Richtig gemacht bisher? Und das mit den Passwörtern ,wie meinst du das? Bin grad am Lapi, Pc ist woanders ja. Bei dem soll ich alle Passwörter ändern, nicht am Lapi? Wird eh geknackt? Ich erhalte neue Pin von der Postbank. Ist die Gefahr gross, dass es erneut geknackt wird, da der Trojaner immer noch hier ist? Soll ich für ALLES neue Passwörter einsetzen? |
Ich meine das mit den Passwortänderungen so, dass Du von einem anderen PC (welcher nicht infiziert ist) oder von nem Handy aus, alle Deine sensiblen Online-Passwörter ändern sollst (Paypal, Email, Ebay usw.). Wenn Du mit der Bereinigung hier beginnen möchtest, dann poste bitte die Logs komplett in Code-Tags. ;) |
kann leider nicht den Frst senden...wird nicht weitergeleitet. Mir fiel was auf: Ich ging zur Systemsteuerung und dann zu Anmeldeinformationen und fand fremde Eingänge, eiinmal einer aus Iran, einer Mal da und da...hab sie alle gelöscht und ABER bei einem , der kam wieder heute rein. Wie kann ich ihn endgültig sperren? |
Sorry, ohne Logs kann ich schlecht helfen. Entweder posten oder anhängen. Zitat:
|
FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01--- --- --- es gab zuviele seite, daher wurde es nicht übertragen. hab dann hier per # eingefügt, kopiert..dann stück für stück nachgeschickt. hoffe es klappt nun..:-) |
Naja, wenn Du wirklich bereinigen willst...dann machen wir so weiter: Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
Ich soll Skpi wählen...hier gibt's 3 zum Anklicken Skip / Copy to quarantine / Delete also klicke ich Skip |
So ist es...:) |
Nach dem Skip kam dann There are unproccessed malware object dann start scan.... ich guck mal auf C/... |
Ok...:) |
Die Datei, die Sie anhängen möchten, ist zu groß. Die maximale Dateigröße für diesen Dateityp beträgt 97,7 KB. Ihre Datei ist 234,9 KB groß. was nun.... |
Copy & paste |
00:27:02.0493 0x14a8 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34 00:27:06.0108 0x14a8 ============================================================ 00:27:06.0108 0x14a8 Current date / time: 2014/11/14 00:27:06.0108 00:27:06.0108 0x14a8 SystemInfo: 00:27:06.0108 0x14a8 00:27:06.0108 0x14a8 OS Version: 6.1.7601 ServicePack: 1.0 00:27:06.0108 0x14a8 Product type: Workstation 00:27:06.0108 0x14a8 ComputerName: VISUELLSPEKTRUM 00:27:06.0108 0x14a8 UserName: Visuellspektrum B.E 00:27:06.0108 0x14a8 Windows directory: C:\Windows 00:27:06.0108 0x14a8 System windows directory: C:\Windows 00:27:06.0108 0x14a8 Running under WOW64 00:27:06.0108 0x14a8 Processor architecture: Intel x64 00:27:06.0108 0x14a8 Number of processors: 8 00:27:06.0108 0x14a8 Page size: 0x1000 00:27:06.0108 0x14a8 Boot type: Normal boot 00:27:06.0108 0x14a8 ============================================================ 00:27:06.0365 0x14a8 KLMD registered as C:\Windows\system32\drivers\45306180.sys 00:27:06.0880 0x14a8 System UUID: {1392FE88-96D1-62D4-112D-3696EAE75F54} 00:27:07.0919 0x14a8 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:27:07.0934 0x14a8 ============================================================ 00:27:07.0934 0x14a8 \Device\Harddisk0\DR0: 00:27:07.0934 0x14a8 MBR partitions: 00:27:07.0934 0x14a8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000 00:27:07.0934 0x14a8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x48AF80EB 00:27:07.0934 0x14a8 ============================================================ 00:27:07.0934 0x14a8 C: <-> \Device\Harddisk0\DR0\Partition2 00:27:07.0934 0x14a8 ============================================================ 00:27:07.0934 0x14a8 Initialize success 00:27:07.0934 0x14a8 ============================================================ 00:27:10.0918 0x2c6c ============================================================ 00:27:10.0918 0x2c6c Scan started 00:27:10.0918 0x2c6c Mode: Manual; 00:27:10.0918 0x2c6c ============================================================ 00:27:10.0918 0x2c6c KSN ping started 00:27:13.0368 0x2c6c KSN ping finished: true 00:27:14.0067 0x2c6c ================ Scan system memory ======================== 00:27:14.0067 0x2c6c System memory - ok 00:27:14.0067 0x2c6c ================ Scan services ============================= 00:27:14.0308 0x2c6c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:27:14.0324 0x2c6c 1394ohci - ok 00:27:14.0360 0x2c6c [ 7A505465BBB1EB8B5AD4D76E8749383B, 999FBBFAF8CCF68D8B7EB5C4F23A5FC00F911FDD0ED192BE9C51F1BC4BE0EA51 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys 00:27:14.0360 0x2c6c Acceler - ok 00:27:14.0453 0x2c6c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:27:14.0456 0x2c6c ACPI - ok 00:27:14.0487 0x2c6c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:27:14.0487 0x2c6c AcpiPmi - ok 00:27:14.0630 0x2c6c [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:27:14.0630 0x2c6c AdobeARMservice - ok 00:27:14.0838 0x2c6c [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:27:14.0856 0x2c6c AdobeFlashPlayerUpdateSvc - ok 00:27:14.0903 0x2c6c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:27:14.0903 0x2c6c adp94xx - ok 00:27:14.0968 0x2c6c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:27:14.0968 0x2c6c adpahci - ok 00:27:14.0999 0x2c6c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:27:14.0999 0x2c6c adpu320 - ok 00:27:15.0030 0x2c6c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:27:15.0030 0x2c6c AeLookupSvc - ok 00:27:15.0126 0x2c6c [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 00:27:15.0126 0x2c6c AERTFilters - ok 00:27:15.0225 0x2c6c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 00:27:15.0240 0x2c6c AFD - ok 00:27:15.0258 0x2c6c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 00:27:15.0258 0x2c6c agp440 - ok 00:27:15.0321 0x2c6c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 00:27:15.0321 0x2c6c ALG - ok 00:27:15.0370 0x2c6c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 00:27:15.0370 0x2c6c aliide - ok 00:27:15.0433 0x2c6c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 00:27:15.0433 0x2c6c amdide - ok 00:27:15.0451 0x2c6c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:27:15.0451 0x2c6c AmdK8 - ok 00:27:15.0466 0x2c6c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:27:15.0466 0x2c6c AmdPPM - ok 00:27:15.0513 0x2c6c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:27:15.0513 0x2c6c amdsata - ok 00:27:15.0547 0x2c6c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:27:15.0547 0x2c6c amdsbs - ok 00:27:15.0578 0x2c6c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:27:15.0578 0x2c6c amdxata - ok 00:27:15.0677 0x2c6c [ 85180CF88C5EBAD73B452A43A004CA51, 24D25495DC21293FC1F37EE7E7C2A4725E66D3D25BE05D7EDF4BB4F444C65526 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe 00:27:15.0677 0x2c6c AOL ACS - ok 00:27:15.0723 0x2c6c APNMCP - ok 00:27:15.0835 0x2c6c [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 00:27:15.0835 0x2c6c AppID - ok 00:27:15.0884 0x2c6c [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:27:15.0884 0x2c6c AppIDSvc - ok 00:27:15.0949 0x2c6c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 00:27:15.0949 0x2c6c Appinfo - ok 00:27:16.0061 0x2c6c [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:27:16.0061 0x2c6c Apple Mobile Device - ok 00:27:16.0077 0x2c6c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 00:27:16.0077 0x2c6c arc - ok 00:27:16.0092 0x2c6c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:27:16.0092 0x2c6c arcsas - ok 00:27:16.0256 0x2c6c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 00:27:16.0318 0x2c6c aspnet_state - ok 00:27:16.0334 0x2c6c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:27:16.0334 0x2c6c AsyncMac - ok 00:27:16.0383 0x2c6c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 00:27:16.0383 0x2c6c atapi - ok 00:27:16.0479 0x2c6c [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:27:16.0495 0x2c6c AudioEndpointBuilder - ok 00:27:16.0510 0x2c6c [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:27:16.0526 0x2c6c AudioSrv - ok 00:27:16.0622 0x2c6c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:27:16.0622 0x2c6c AxInstSV - ok 00:27:16.0687 0x2c6c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:27:16.0687 0x2c6c b06bdrv - ok 00:27:16.0718 0x2c6c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:27:16.0718 0x2c6c b57nd60a - ok 00:27:16.0749 0x2c6c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 00:27:16.0765 0x2c6c BDESVC - ok 00:27:16.0783 0x2c6c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 00:27:16.0783 0x2c6c Beep - ok 00:27:16.0861 0x2c6c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 00:27:16.0879 0x2c6c BFE - ok 00:27:16.0926 0x2c6c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 00:27:16.0957 0x2c6c BITS - ok 00:27:16.0991 0x2c6c bjdkpcji - ok 00:27:17.0006 0x2c6c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:27:17.0006 0x2c6c blbdrive - ok 00:27:17.0134 0x2c6c [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:27:17.0134 0x2c6c Bonjour Service - ok 00:27:17.0183 0x2c6c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:27:17.0183 0x2c6c bowser - ok 00:27:17.0230 0x2c6c bpjnxbfz - ok 00:27:17.0261 0x2c6c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:27:17.0261 0x2c6c BrFiltLo - ok 00:27:17.0279 0x2c6c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:27:17.0279 0x2c6c BrFiltUp - ok 00:27:17.0310 0x2c6c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 00:27:17.0310 0x2c6c Browser - ok 00:27:17.0357 0x2c6c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:27:17.0357 0x2c6c Brserid - ok 00:27:17.0391 0x2c6c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:27:17.0391 0x2c6c BrSerWdm - ok 00:27:17.0406 0x2c6c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:27:17.0438 0x2c6c BrUsbSer - ok 00:27:17.0487 0x2c6c [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe 00:27:17.0502 0x2c6c BrYNSvc - ok 00:27:17.0518 0x2c6c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:27:17.0518 0x2c6c BTHMODEM - ok 00:27:17.0599 0x2c6c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 00:27:17.0614 0x2c6c bthserv - ok 00:27:17.0630 0x2c6c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:27:17.0630 0x2c6c cdfs - ok 00:27:17.0679 0x2c6c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 00:27:17.0679 0x2c6c cdrom - ok 00:27:17.0741 0x2c6c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 00:27:17.0757 0x2c6c CertPropSvc - ok 00:27:17.0773 0x2c6c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:27:17.0773 0x2c6c circlass - ok 00:27:17.0806 0x2c6c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 00:27:17.0822 0x2c6c CLFS - ok 00:27:17.0999 0x2c6c [ 871EEE78F98D6E31C80FD39433A8FE2F, 67602F597FADA1E7102BC373287A4A78339E057D37FCEAD0B2502F70450EC7CE ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe 00:27:18.0045 0x2c6c ClickToRunSvc - ok 00:27:18.0141 0x2c6c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:27:18.0141 0x2c6c clr_optimization_v2.0.50727_32 - ok 00:27:18.0191 0x2c6c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:27:18.0206 0x2c6c clr_optimization_v2.0.50727_64 - ok 00:27:18.0318 0x2c6c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:27:18.0365 0x2c6c clr_optimization_v4.0.30319_32 - ok 00:27:18.0383 0x2c6c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:27:18.0399 0x2c6c clr_optimization_v4.0.30319_64 - ok 00:27:18.0445 0x2c6c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:27:18.0445 0x2c6c CmBatt - ok 00:27:18.0510 0x26a8 Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc 00:27:18.0510 0x2c6c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:27:18.0526 0x2c6c cmdide - ok 00:27:18.0573 0x2c6c [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 00:27:18.0588 0x2c6c CNG - ok 00:27:18.0619 0x2c6c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:27:18.0619 0x2c6c Compbatt - ok 00:27:18.0666 0x2c6c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:27:18.0666 0x2c6c CompositeBus - ok 00:27:18.0682 0x2c6c COMSysApp - ok 00:27:18.0700 0x2c6c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:27:18.0700 0x2c6c crcdisk - ok 00:27:18.0747 0x2c6c [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:27:18.0762 0x2c6c CryptSvc - ok 00:27:18.0794 0x2c6c [ FBE228ABEAB2BE13B9C3A3A112D4D8DC, A9FF2DC38CBE00AAD904BB7EC74480953D513E46FDE607A7773FF5A2A25B8C15 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 00:27:18.0794 0x2c6c CtClsFlt - ok 00:27:18.0939 0x2c6c [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 00:27:18.0955 0x2c6c cvhsvc - ok 00:27:18.0986 0x2c6c cypvewap - ok 00:27:19.0019 0x2c6c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:27:19.0035 0x2c6c DcomLaunch - ok 00:27:19.0066 0x2c6c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 00:27:19.0082 0x2c6c defragsvc - ok 00:27:19.0116 0x2c6c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:27:19.0116 0x2c6c DfsC - ok 00:27:19.0131 0x2c6c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 00:27:19.0147 0x2c6c Dhcp - ok 00:27:19.0162 0x2c6c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 00:27:19.0162 0x2c6c discache - ok 00:27:19.0209 0x2c6c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:27:19.0212 0x2c6c Disk - ok 00:27:19.0274 0x2c6c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:27:19.0290 0x2c6c Dnscache - ok 00:27:19.0401 0x2c6c [ 0840ABBBDF438691EE65A20040635CBE, F83597ECECFADBA45242B683A19A01ADF84203B016301B64530C7BE8234175E8 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 00:27:19.0401 0x2c6c DockLoginService - ok 00:27:19.0451 0x2c6c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 00:27:19.0466 0x2c6c dot3svc - ok 00:27:19.0482 0x2c6c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 00:27:19.0497 0x2c6c DPS - ok 00:27:19.0562 0x2c6c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:27:19.0562 0x2c6c drmkaud - ok 00:27:19.0630 0x2c6c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:27:19.0645 0x2c6c DXGKrnl - ok 00:27:19.0692 0x2c6c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 00:27:19.0692 0x2c6c EapHost - ok 00:27:19.0822 0x2c6c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:27:19.0884 0x2c6c ebdrv - ok 00:27:19.0918 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 00:27:19.0996 0x2c6c EFS - ok 00:27:20.0061 0x2c6c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:27:20.0077 0x2c6c ehRecvr - ok 00:27:20.0092 0x2c6c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 00:27:20.0108 0x2c6c ehSched - ok 00:27:20.0141 0x2c6c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:27:20.0157 0x2c6c elxstor - ok 00:27:20.0204 0x2c6c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:27:20.0219 0x2c6c ErrDev - ok 00:27:20.0256 0x2c6c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 00:27:20.0271 0x2c6c EventSystem - ok 00:27:20.0463 0x2c6c [ B56D9602DB5FE1C116B1CA5EFD8E2E50, 34F52939089A98860E659BEF6AB8275BC50C33CC282DD3D34E13909BB7E3E575 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 00:27:20.0495 0x2c6c EvtEng - ok 00:27:20.0544 0x2c6c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 00:27:20.0544 0x2c6c exfat - ok 00:27:20.0575 0x2c6c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:27:20.0575 0x2c6c fastfat - ok 00:27:20.0640 0x2c6c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 00:27:20.0656 0x2c6c Fax - ok 00:27:20.0702 0x2c6c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:27:20.0702 0x2c6c fdc - ok 00:27:20.0721 0x2c6c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 00:27:20.0736 0x2c6c fdPHost - ok 00:27:20.0752 0x2c6c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 00:27:20.0752 0x2c6c FDResPub - ok 00:27:20.0767 0x2c6c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:27:20.0767 0x2c6c FileInfo - ok 00:27:20.0783 0x2c6c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:27:20.0783 0x2c6c Filetrace - ok 00:27:20.0799 0x2c6c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:27:20.0799 0x2c6c flpydisk - ok 00:27:20.0832 0x2c6c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:27:20.0848 0x2c6c FltMgr - ok 00:27:20.0895 0x2c6c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 00:27:20.0928 0x2c6c FontCache - ok 00:27:21.0006 0x2c6c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:27:21.0006 0x2c6c FontCache3.0.0.0 - ok 00:27:21.0087 0x2c6c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:27:21.0087 0x2c6c FsDepends - ok 00:27:21.0102 0x26a8 Object send P2P result: true 00:27:21.0121 0x2c6c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:27:21.0121 0x2c6c Fs_Rec - ok 00:27:21.0152 0x2c6c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:27:21.0152 0x2c6c fvevol - ok 00:27:21.0199 0x2c6c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:27:21.0199 0x2c6c gagp30kx - ok 00:27:21.0235 0x2c6c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:27:21.0235 0x2c6c GEARAspiWDM - ok 00:27:21.0297 0x2c6c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 00:27:21.0313 0x2c6c gpsvc - ok 00:27:21.0393 0x2c6c [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:27:21.0409 0x2c6c gupdate - ok 00:27:21.0458 0x2c6c [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:27:21.0458 0x2c6c gupdatem - ok 00:27:21.0489 0x2c6c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:27:21.0489 0x2c6c hcw85cir - ok 00:27:21.0570 0x2c6c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:27:21.0570 0x2c6c HDAudBus - ok 00:27:21.0601 0x2c6c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 00:27:21.0601 0x2c6c HECIx64 - ok 00:27:21.0619 0x2c6c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:27:21.0619 0x2c6c HidBatt - ok 00:27:21.0635 0x2c6c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:27:21.0650 0x2c6c HidBth - ok 00:27:21.0682 0x2c6c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:27:21.0682 0x2c6c HidIr - ok 00:27:21.0713 0x2c6c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 00:27:21.0715 0x2c6c hidserv - ok 00:27:21.0762 0x2c6c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 00:27:21.0762 0x2c6c HidUsb - ok 00:27:21.0809 0x2c6c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:27:21.0809 0x2c6c hkmsvc - ok 00:27:21.0843 0x2c6c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:27:21.0858 0x2c6c HomeGroupListener - ok 00:27:21.0889 0x2c6c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:27:21.0905 0x2c6c HomeGroupProvider - ok 00:27:21.0970 0x2c6c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:27:21.0970 0x2c6c HpSAMD - ok 00:27:22.0035 0x2c6c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:27:22.0050 0x2c6c HTTP - ok 00:27:22.0097 0x2c6c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:27:22.0097 0x2c6c hwpolicy - ok 00:27:22.0146 0x2c6c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:27:22.0146 0x2c6c i8042prt - ok 00:27:22.0243 0x2c6c [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:27:22.0243 0x2c6c iaStor - ok 00:27:22.0385 0x2c6c [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 00:27:22.0385 0x2c6c IAStorDataMgrSvc - ok 00:27:22.0401 0x2c6c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:27:22.0419 0x2c6c iaStorV - ok 00:27:22.0482 0x2c6c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:27:22.0513 0x2c6c idsvc - ok 00:27:22.0578 0x2c6c IEEtwCollectorService - ok 00:27:22.0609 0x2c6c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:27:22.0609 0x2c6c iirsp - ok 00:27:22.0656 0x2c6c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 00:27:22.0671 0x2c6c IKEEXT - ok 00:27:22.0796 0x2c6c [ 491DADCC74327FABC85E0AB80AF8F204, 6E2CCC161EBDE932F800C90DACD59568E10851FC74236D33ECBC654B1FBA71EA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 00:27:22.0845 0x2c6c IntcAzAudAddService - ok 00:27:22.0877 0x2c6c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 00:27:22.0892 0x2c6c intelide - ok 00:27:22.0926 0x2c6c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:27:22.0926 0x2c6c intelppm - ok 00:27:22.0957 0x2c6c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:27:22.0957 0x2c6c IPBusEnum - ok 00:27:23.0004 0x2c6c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:27:23.0019 0x2c6c IpFilterDriver - ok 00:27:23.0069 0x2c6c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:27:23.0084 0x2c6c iphlpsvc - ok 00:27:23.0118 0x2c6c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:27:23.0134 0x2c6c IPMIDRV - ok 00:27:23.0149 0x2c6c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:27:23.0165 0x2c6c IPNAT - ok 00:27:23.0243 0x2c6c [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 00:27:23.0258 0x2c6c iPod Service - ok 00:27:23.0290 0x2c6c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:27:23.0290 0x2c6c IRENUM - ok 00:27:23.0305 0x2c6c ireyrvls - ok 00:27:23.0336 0x2c6c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:27:23.0336 0x2c6c isapnp - ok 00:27:23.0399 0x2c6c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys E779, 440ECE9999FF17A70792E530A03A9D38F44C6245F06C47C988474E110C42168C ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 00:27:23.0464 0x2c6c JMCR - ok 00:27:23.0479 0x2c6c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 00:27:23.0479 0x2c6c kbdclass - ok 00:27:23.0511 0x2c6c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 00:27:23.0511 0x2c6c kbdhid - ok 00:27:23.0529 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 00:27:23.0529 0x2c6c KeyIso - ok 00:27:23.0560 0x2c6c [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:27:23.0560 0x2c6c KSecDD - ok 00:27:23.0591 0x2c6c [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 00:27:23.0591 0x2c6c KSecPkg - ok 00:27:23.0622 0x2c6c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:27:23.0622 0x2c6c ksthunk - ok 00:27:23.0669 0x2c6c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 00:27:23.0685 0x2c6c KtmRm - ok 00:27:23.0700 0x2c6c kwyjdkfc - ok 00:27:23.0750 0x2c6c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:27:23.0765 0x2c6c LanmanServer - ok 00:27:23.0812 0x2c6c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:27:23.0828 0x2c6c LanmanWorkstation - ok 00:27:23.0861 0x2c6c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:27:23.0861 0x2c6c lltdio - ok 00:27:23.0908 0x2c6c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:27:23.0908 0x2c6c lltdsvc - ok 00:27:23.0939 0x2c6c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:27:23.0939 0x2c6c lmhosts - ok 00:27:24.0002 0x2c6c [ 23D990150D56B670A62B21B9ABDD45EE, BB9DBC0D02474976420321162C3AB1FDF975FA0494B1030488B03BC98A65F888 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 00:27:24.0017 0x2c6c LMS - ok 00:27:24.0048 0x2c6c logxmmoa - ok 00:27:24.0095 0x2c6c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:27:24.0095 0x2c6c LSI_FC - ok 00:27:24.0160 0x2c6c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:27:24.0176 0x2c6c LSI_SAS - ok 00:27:24.0225 0x2c6c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:27:24.0225 0x2c6c LSI_SAS2 - ok 00:27:24.0241 0x2c6c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:27:24.0256 0x2c6c LSI_SCSI - ok 00:27:24.0272 0x2c6c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 00:27:24.0272 0x2c6c luafv - ok 00:27:24.0303 0x2c6c mbcrpyut - ok 00:27:24.0433 0x2c6c [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe 00:27:24.0448 0x2c6c McComponentHostService - ok 00:27:24.0495 0x2c6c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:27:24.0495 0x2c6c Mcx2Svc - ok 00:27:24.0511 0x2c6c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:27:24.0511 0x2c6c megasas - ok 00:27:24.0529 0x2c6c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:27:24.0529 0x2c6c MegaSR - ok 00:27:24.0719 0x2c6c [ 42D6DB8B6B340EBDA04C910D0C5CE51C, 00E6F36C3E4B5128A93932621DD935DEE4878C998E62CCB868A2E12701C119A2 ] microsoft_skydrive C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\nph_insulin\capi2.exe 00:27:24.0862 0x2c6c microsoft_skydrive - ok 00:27:24.0893 0x2c6c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 00:27:24.0893 0x2c6c MMCSS - ok 00:27:24.0926 0x2c6c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 00:27:24.0926 0x2c6c Modem - ok 00:27:24.0973 0x2c6c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:27:24.0973 0x2c6c monitor - ok 00:27:25.0004 0x2c6c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 00:27:25.0004 0x2c6c mouclass - ok 00:27:25.0054 0x2c6c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:27:25.0054 0x2c6c mouhid - ok 00:27:25.0119 0x2c6c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:27:25.0121 0x2c6c mountmgr - ok 00:27:25.0248 0x2c6c [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 00:27:25.0264 0x2c6c MpFilter - ok 00:27:25.0311 0x2c6c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 00:27:25.0311 0x2c6c mpio - ok 00:27:25.0521 0x2c6c [ 6DDB2BEFF00EA756FF0F65132330D4F4, A50749C3FDB57B686F91109CC55DF05300A6DF224B58649CE514506D074EADC9 ] MpKslcafc224f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7587C0C0-6B36-4747-8F64-DBB36113111E}\MpKslcafc224f.sys 00:27:25.0521 0x2c6c MpKslcafc224f - ok 00:27:25.0552 0x2c6c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:27:25.0552 0x2c6c mpsdrv - ok 00:27:25.0617 0x2c6c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:27:25.0648 0x2c6c MpsSvc - ok 00:27:25.0695 0x2c6c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:27:25.0695 0x2c6c MRxDAV - ok 00:27:25.0729 0x2c6c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:27:25.0729 0x2c6c mrxsmb - ok 00:27:25.0776 0x2c6c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:27:25.0776 0x2c6c mrxsmb10 - ok 00:27:25.0791 0x2c6c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:27:25.0791 0x2c6c mrxsmb20 - ok 00:27:25.0825 0x2c6c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 00:27:25.0825 0x2c6c msahci - ok 00:27:25.0841 0x2c6c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:27:25.0841 0x2c6c msdsm - ok 00:27:25.0872 0x2c6c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 00:27:25.0887 0x2c6c MSDTC - ok 00:27:25.0921 0x2c6c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:27:25.0921 0x2c6c Msfs - ok 00:27:25.0952 0x2c6c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:27:25.0952 0x2c6c mshidkmdf - ok 00:27:25.0968 0x2c6c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:27:25.0968 0x2c6c msisadrv - ok 00:27:26.0017 0x2c6c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:27:26.0017 0x2c6c MSiSCSI - ok 00:27:26.0017 0x2c6c msiserver - ok 00:27:26.0048 0x2c6c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:27:26.0048 0x2c6c MSKSSRV - ok 00:27:26.0160 0x2c6c [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 00:27:26.0160 0x2c6c MsMpSvc - ok 00:27:26.0191 0x2c6c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:27:26.0191 0x2c6c MSPCLOCK - ok 00:27:26.0191 0x2c6c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:27:26.0191 0x2c6c MSPQM - ok 00:27:26.0225 0x2c6c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:27:26.0241 0x2c6c MsRPC - ok 00:27:26.0287 0x2c6c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:27:26.0303 0x2c6c mssmbios - ok 00:27:26.0337 0x2c6c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:27:26.0337 0x2c6c MSTEE - ok 00:27:26.0384 0x2c6c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:27:26.0384 0x2c6c MTConfig - ok 00:27:26.0417 0x2c6c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 00:27:26.0417 0x2c6c Mup - ok 00:27:26.0511 0x2c6c [ A9BC2302FBDF52C8AF4E2FC966288D21, 4CBDCDCC2BA8133BDC0BA1A1EB47FB9241CAACF93544BAD37175417DA9E616D6 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 00:27:26.0511 0x2c6c MyWiFiDHCPDNS - ok 00:27:26.0545 0x2c6c mznekkmt - ok 00:27:26.0641 0x2c6c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 00:27:26.0656 0x2c6c napagent - ok 00:27:26.0719 0x2c6c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:27:26.0721 0x2c6c NativeWifiP - ok 00:27:26.0960 0x2c6c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 00:27:26.0991 0x2c6c NDIS - ok 00:27:27.0007 0x2c6c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:27:27.0007 0x2c6c NdisCap - ok 00:27:27.0072 0x2c6c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:27:27.0072 0x2c6c NdisTapi - ok 00:27:27.0103 0x2c6c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:27:27.0103 0x2c6c Ndisuio - ok 00:27:27.0155 0x2c6c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:27:27.0155 0x2c6c NdisWan - ok 00:27:27.0282 0x2c6c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:27:27.0298 0x2c6c NDProxy - ok 00:27:27.0298 0x2c6c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:27:27.0298 0x2c6c NetBIOS - ok 00:27:27.0363 0x2c6c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:27:27.0378 0x2c6c NetBT - ok 00:27:27.0394 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 00:27:27.0394 0x2c6c Netlogon - ok 00:27:27.0428 0x2c6c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 00:27:27.0443 0x2c6c Netman - ok 00:27:27.0524 0x2c6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:27:27.0555 0x2c6c NetMsmqActivator - ok 00:27:27.0570 0x2c6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:27:27.0586 0x2c6c NetPipeActivator - ok 00:27:27.0602 0x2c6c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 00:27:27.0620 0x2c6c netprofm - ok 00:27:27.0620 0x2c6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:27:27.0620 0x2c6c NetTcpActivator - ok 00:27:27.0635 0x2c6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 3AE5, 35F8C0DFCF14780F86AD9A476A7AE22A98589B27ED9C7E109945CBBD227E6E2B ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 00:27:28.0067 0x2c6c NETw5s64 - ok 00:27:28.0116 0x2c6c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:27:28.0116 0x2c6c nfrd960 - ok 00:27:28.0178 0x2c6c [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 00:27:28.0178 0x2c6c NisDrv - ok 00:27:28.0243 0x2c6c [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 00:27:28.0243 0x2c6c NisSrv - ok 00:27:28.0337 0x2c6c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:27:28.0339 0x2c6c NlaSvc - ok 00:27:28.0355 0x2c6c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:27:28.0370 0x2c6c Npfs - ok 00:27:28.0451 0x2c6c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 00:27:28.0451 0x2c6c nsi - ok 00:27:28.0482 0x2c6c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:27:28.0482 0x2c6c nsiproxy - ok 00:27:28.0563 0x2c6c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:27:28.0609 0x2c6c Ntfs - ok 00:27:28.0625 0x2c6c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 00:27:28.0628 0x2c6c Null - ok 00:27:28.0692 0x2c6c [ 285ACEC1B13A15BA520AAE06BACB9CFF, A6F576763818D4EAB2CDA3857F2963F61FDA67D7B581C52E1EB1DDB32FD642C3 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 00:27:28.0692 0x2c6c nusb3hub - ok 00:27:28.0726 0x2c6c [ F6D625FF7B56BB6EA063F0D3A5BBC996, 830196E96C120367BDA8C0EC9D7B85A642D41E8108189B1A72193299A6C005B1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 00:27:28.0726 0x2c6c nusb3xhc - ok 00:27:28.0757 0x2c6c [ 1F07B814C0BB5AABA703ABFF1F31F2E8, 07F578686CAE0FAB5462B472A03DD1BC5DFE0D5DA6307895534CECC330C3D220 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 00:27:28.0773 0x2c6c NVHDA - ok 00:27:29.0178 0x2c6c [ 011F0596D167D073E6813AE88E7947A9, 2EF87754BE6477DAEF0B1C60C5BA5B6E038D2687EDCBE0A15B1A0862FF8D81BE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:27:29.0560 0x2c6c nvlddmkm - ok 00:27:29.0638 0x2c6c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:27:29.0638 0x2c6c nvraid - ok 00:27:29.0669 0x2c6c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:27:29.0669 0x2c6c nvstor - ok 00:27:29.0700 0x2c6c [ E72422F9C55078DFA298AC7AA0A87970, F6CB073B5BCD66E77BAF45E1FA3F8A6AE337728F7AE21FF53319669FA82A0C82 ] nvsvc C:\Windows\system32\nvvsvc.exe 00:27:29.0700 0x2c6c nvsvc - ok 00:27:29.0778 0x2c6c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:27:29.0778 0x2c6c nv_agp - ok 00:27:29.0872 0x2c6c [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:27:29.0872 0x2c6c odserv - ok 00:27:29.0903 0x2c6c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:27:29.0903 0x2c6c ohci1394 - ok 00:27:29.0965 0x2c6c [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:27:29.0965 0x2c6c ose - ok 00:27:30.0199 0x2c6c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:27:30.0309 0x2c6c osppsvc - ok 00:27:30.0355 0x2c6c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:27:30.0371 0x2c6c p2pimsvc - ok 00:27:30.0387 0x2c6c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 00:27:30.0402 0x2c6c p2psvc - ok 00:27:30.0433 0x2c6c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:27:30.0449 0x2c6c Parport - ok 00:27:30.0465 0x2c6c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:27:30.0465 0x2c6c partmgr - ok 00:27:30.0480 0x2c6c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 00:27:30.0480 0x2c6c PcaSvc - ok 00:27:30.0543 0x2c6c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 00:27:30.0543 0x2c6c pci - ok 00:27:30.0574 0x2c6c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 00:27:30.0574 0x2c6c pciide - ok 00:27:30.0605 0x2c6c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:27:30.0605 0x2c6c pcmcia - ok 00:27:30.0636 0x2c6c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 00:27:30.0636 0x2c6c pcw - ok 00:27:30.0652 0x2c6c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:27:30.0667 0x2c6c PEAUTH - ok 00:27:30.0761 0x2c6c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:27:30.0761 0x2c6c PerfHost - ok 00:27:30.0839 0x2c6c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 00:27:30.0870 0x2c6c pla - ok 00:27:30.0917 0x2c6c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:27:30.0917 0x2c6c PlugPlay - ok 00:27:30.0948 0x2c6c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:27:30.0948 0x2c6c PNRPAutoReg - ok 00:27:30.0979 0x2c6c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:27:30.0979 0x2c6c PNRPsvc - ok 00:27:31.0011 0x2c6c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:27:31.0026 0x2c6c PolicyAgent - ok 00:27:31.0057 0x2c6c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 00:27:31.0057 0x2c6c Power - ok 00:27:31.0089 0x2c6c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:27:31.0104 0x2c6c PptpMiniport - ok 00:27:31.0135 0x2c6c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:27:31.0135 0x2c6c Processor - ok 00:27:31.0198 0x2c6c [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 00:27:31.0198 0x2c6c ProfSvc - ok 00:27:31.0213 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:27:31.0213 0x2c6c ProtectedStorage - ok 00:27:31.0276 0x2c6c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:27:31.0291 0x2c6c Psched - ok 00:27:31.0323 0x2c6c [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 00:27:31.0323 0x2c6c PxHlpa64 - ok 00:27:31.0354 0x2c6c [ 0928BD20273625622722FE1DE5BBDE57, 5313C222F8810D3A62CCE64482B5E50E58BBE2A2C298A23C84A454C34324AC52 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 00:27:31.0354 0x2c6c qicflt - ok 00:27:31.0463 0x2c6c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:27:31.0494 0x2c6c ql2300 - ok 00:27:31.0510 0x2c6c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:27:31.0510 0x2c6c ql40xx - ok 00:27:31.0557 0x2c6c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 00:27:31.0572 0x2c6c QWAVE - ok 00:27:31.0572 0x2c6c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:27:31.0572 0x2c6c QWAVEdrv - ok 00:27:31.0588 0x2c6c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:27:31.0603 0x2c6c RasAcd - ok 00:27:31.0650 0x2c6c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:27:31.0650 0x2c6c RasAgileVpn - ok 00:27:31.0666 0x2c6c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 00:27:31.0666 0x2c6c RasAuto - ok 00:27:31.0697 0x2c6c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:27:31.0713 0x2c6c Rasl2tp - ok 00:27:31.0775 0x2c6c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 00:27:31.0791 0x2c6c RasMan - ok 00:27:31.0806 0x2c6c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:27:31.0806 0x2c6c RasPppoe - ok 00:27:31.0837 0x2c6c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:27:31.0837 0x2c6c RasSstp - ok 00:27:31.0900 0x2c6c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:27:31.0915 0x2c6c rdbss - ok 00:27:31.0931 0x2c6c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:27:31.0931 0x2c6c rdpbus - ok 00:27:31.0962 0x2c6c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:27:31.0962 0x2c6c RDPCDD - ok 00:27:32.0009 0x2c6c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:27:32.0009 0x2c6c RDPENCDD - ok 00:27:32.0025 0x2c6c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:27:32.0025 0x2c6c RDPREFMP - ok 00:27:32.0071 0x2c6c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 00:27:32.0087 0x2c6c RdpVideoMiniport - ok 00:27:32.0118 0x2c6c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:27:32.0134 0x2c6c RDPWD - ok 00:27:32.0181 0x2c6c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:27:32.0196 0x2c6c rdyboost - ok 00:27:32.0274 0x2c6c [ 0AA473966357C4A41B5EB19649EB6E5E, D4F1EADDECE41481332CBF03B8CAB4AC6AB048834DF013DB30757E7941F306FE ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 00:27:32.0290 0x2c6c RegSrvc - ok 00:27:32.0321 0x2c6c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:27:32.0321 0x2c6c RemoteAccess - ok 00:27:32.0352 0x2c6c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:27:32.0368 0x2c6c RemoteRegistry - ok 00:27:32.0430 0x2c6c [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 00:27:32.0430 0x2c6c RimUsb - ok 00:27:32.0617 0x2c6c [ BDDC447AB46625A54619808575D5CB46, 5321343BFB972A111D27DED7A3F3A3520E0C77104E6139ADC7765C76A459ED9C ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 00:27:32.0649 0x2c6c RoxMediaDB12OEM - ok 00:27:32.0695 0x2c6c [ CE203243ADF512540249DF9C264F12DD, 7BC0A6E9A422D832DDF046F28EA0F80A879A007B7116C4B830D6A39DCDD09EF5 ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 00:27:32.0695 0x2c6c RoxWatch12 - ok 00:27:32.0711 0x2c6c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:27:32.0727 0x2c6c RpcEptMapper - ok 00:27:32.0742 0x2c6c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 00:27:32.0742 0x2c6c RpcLocator - ok 00:27:32.0789 0x2c6c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 00:27:32.0805 0x2c6c RpcSs - ok 00:27:32.0836 0x2c6c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:27:32.0836 0x2c6c rspndr - ok 00:27:32.0929 0x2c6c [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 00:27:32.0945 0x2c6c RTL8167 - ok 00:27:32.0945 0x2c6c rvqhafqh - ok 00:27:32.0961 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 00:27:32.0961 0x2c6c SamSs - ok 00:27:32.0992 0x2c6c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:27:32.0992 0x2c6c sbp2port - ok 00:27:33.0054 0x2c6c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:27:33.0070 0x2c6c SCardSvr - ok 00:27:33.0085 0x2c6c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:27:33.0085 0x2c6c scfilter - ok 00:27:33.0148 0x2c6c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 00:27:33.0163 0x2c6c Schedule - ok 00:27:33.0195 0x2c6c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 00:27:33.0210 0x2c6c SCPolicySvc - ok 00:27:33.0226 0x2c6c [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys 00:27:33.0241 0x2c6c sdbus - ok 00:27:33.0288 0x2c6c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:27:33.0304 0x2c6c SDRSVC - ok 00:27:33.0319 0x2c6c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:27:33.0319 0x2c6c secdrv - ok 00:27:33.0351 0x2c6c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 00:27:33.0351 0x2c6c seclogon - ok 00:27:33.0366 0x2c6c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 00:27:33.0366 0x2c6c SENS - ok 00:27:33.0397 0x2c6c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:27:33.0397 0x2c6c SensrSvc - ok 00:27:33.0429 0x2c6c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:27:33.0429 0x2c6c Serenum - ok 00:27:33.0444 0x2c6c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:27:33.0444 0x2c6c Serial - ok 00:27:33.0522 0x2c6c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:27:33.0522 0x2c6c sermouse - ok 00:27:33.0569 0x2c6c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 00:27:33.0585 0x2c6c SessionEnv - ok 00:27:33.0600 0x2c6c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 00:27:33.0600 0x2c6c sffdisk - ok 00:27:33.0647 0x2c6c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:27:33.0647 0x2c6c sffp_mmc - ok 00:27:33.0663 0x2c6c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 00:27:33.0663 0x2c6c sffp_sd - ok 00:27:33.0694 0x2c6c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:27:33.0694 0x2c6c sfloppy - ok 00:27:33.0756 0x2c6c [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 00:27:33.0772 0x2c6c Sftfs - ok 00:27:33.0850 0x2c6c [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 00:27:33.0850 0x2c6c sftlist - ok 00:27:33.0881 0x2c6c [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 00:27:33.0897 0x2c6c Sftplay - ok 00:27:33.0912 0x2c6c [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 00:27:33.0912 0x2c6c Sftredir - ok 00:27:34.0021 0x2c6c [ E1974A92AC0914A3859359A0A8C82C68, 4908917F72D6E531B44488F06A05915F0DA9767758E44C886F5F93F46BA79654 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 00:27:34.0037 0x2c6c SftService - ok 00:27:34.0053 0x2c6c [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 00:27:34.0068 0x2c6c Sftvol - ok 00:27:34.0099 0x2c6c [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 00:27:34.0115 0x2c6c sftvsa - ok 00:27:34.0287 0x2c6c [ E2266AFC49C3F48C02FE5B3FBA1E872D, FABC970301901B72BD8AE9EF88A058899CBFB16083F6FDDC8D24F53E8E6A4747 ] share C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\nph_insulin\destination.exe 00:27:34.0287 0x2c6c share - ok 00:27:34.0365 0x2c6c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:27:34.0380 0x2c6c SharedAccess - ok 00:27:34.0427 0x2c6c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:27:34.0427 0x2c6c ShellHWDetection - ok 00:27:34.0474 0x2c6c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:27:34.0474 0x2c6c SiSRaid2 - ok 00:27:34.0489 0x2c6c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:27:34.0489 0x2c6c SiSRaid4 - ok 00:27:34.0599 0x2c6c [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:27:34.0599 0x2c6c SkypeUpdate - ok 00:27:34.0661 0x2c6c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:27:34.0661 0x2c6c Smb - ok 00:27:34.0708 0x2c6c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:27:34.0708 0x2c6c SNMPTRAP - ok 00:27:34.0739 0x2c6c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 00:27:34.0739 0x2c6c spldr - ok 00:27:34.0817 0x2c6c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 00:27:34.0817 0x2c6c Spooler - ok 00:27:34.0957 0x2c6c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 00:27:35.0051 0x2c6c sppsvc - ok 00:27:35.0067 0x2c6c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:27:35.0067 0x2c6c sppuinotify - ok 00:27:35.0098 0x2c6c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:27:35.0113 0x2c6c srv - ok 00:27:35.0129 0x2c6c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:27:35.0145 0x2c6c srv2 - ok 00:27:35.0160 0x2c6c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:27:35.0160 0x2c6c srvnet - ok 00:27:35.0207 0x2c6c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:27:35.0223 0x2c6c SSDPSRV - ok 00:27:35.0254 0x2c6c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:27:35.0254 0x2c6c SstpSvc - ok 00:27:35.0285 0x2c6c [ 92E7F6666633D2DD91D527503DAA7BE0, E97C7FFCAF2C7A83B270B6C797A91C2731FEA26874FE1E59B4CB55D5D98744BB ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 00:27:35.0285 0x2c6c stdcfltn - ok 00:27:35.0394 0x2c6c [ C6539A0CB1EBFF488D3D4B070C4F17F8, F889F58BF2ABDAD91E814D7F72879EFA735F672E6B8BAC22D8B3E390D3D93926 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 00:27:35.0441 0x2c6c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:27:35.0441 0x2c6c stexstor - ok 00:27:35.0488 0x2c6c [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 00:27:35.0488 0x2c6c StillCam - ok 00:27:35.0566 0x2c6c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 00:27:35.0581 0x2c6c stisvc - ok 00:27:35.0628 0x2c6c [ 9E182DD94496550A22A392CC1A8E0F52, 6F630982F7AFDF409F24BB0D9815592000FC8A47200F4FEC4A5C5ED241810244 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 00:27:35.0628 0x2c6c stllssvr - ok 00:27:35.0659 0x2c6c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 00:27:35.0659 0x2c6c swenum - ok 00:27:35.0691 0x2c6c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 00:27:35.0706 0x2c6c swprv - ok 00:27:35.0784 0x2c6c [ 36F506C894E1EA59C65FAF6398BDF49A, 70B7CA69958796C3AFA1ACA4C3BF054CBFEE84DC73A55D395EFED4A80B5399A2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 00:27:35.0815 0x2c6c SynTP - ok 00:27:35.0893 0x2c6c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 00:27:35.0940 0x2c6c SysMain - ok 00:27:36.0018 0x2c6c [ C7A3D0DA9A546B9127A88CDFC514A531, 7234E42EC90A393626B5F528151952F248F790AD40BB6B966EC4FB5D9BB6059C ] SystemStoreService C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe 00:27:36.0034 0x2c6c SystemStoreService - ok 00:27:36.0096 0x2c6c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:27:36.0096 0x2c6c TabletInputService - ok 00:27:36.0127 0x2c6c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 00:27:36.0127 0x2c6c TapiSrv - ok 00:27:36.0159 0x2c6c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 00:27:36.0159 0x2c6c TBS - ok 00:27:36.0283 0x2c6c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:27:36.0330 0x2c6c Tcpip - ok 00:27:36.0393 0x2c6c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:27:36.0424 0x2c6c TCPIP6 - ok 00:27:36.0471 0x2c6c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:27:36.0471 0x2c6c tcpipreg - ok 00:27:36.0502 0x2c6c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:27:36.0502 0x2c6c TDPIPE - ok 00:27:36.0564 0x2c6c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:27:36.0564 0x2c6c TDTCP - ok 00:27:36.0595 0x2c6c [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:27:36.0595 0x2c6c tdx - ok 00:27:36.0829 0x2c6c [ 9CC341BE32EEC138702795768DE9DE99, 61F580B40075680C72E40286BC6D69E94653A0F5574FFE08B46A9011AC88C58B ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe 00:27:36.0954 0x2c6c TeamViewer9 - ok 00:27:36.0985 0x2c6c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 00:27:36.0985 0x2c6c TermDD - ok 00:27:37.0032 0x2c6c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 00:27:37.0048 0x2c6c TermService - ok 00:27:37.0079 0x2c6c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 00:27:37.0079 0x2c6c Themes - ok 00:27:37.0110 0x2c6c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 00:27:37.0110 0x2c6c THREADORDER - ok 00:27:37.0110 0x2c6c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 00:27:37.0126 0x2c6c TrkWks - ok 00:27:37.0219 0x2c6c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:27:37.0219 0x2c6c TrustedInstaller - ok 00:27:37.0251 0x2c6c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:27:37.0251 0x2c6c tssecsrv - ok 00:27:37.0360 0x2c6c [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:27:37.0360 0x2c6c TsUsbFlt - ok 00:27:37.0407 0x2c6c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:27:37.0407 0x2c6c tunnel - ok 00:27:37.0453 0x2c6c [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 00:27:37.0453 0x2c6c TurboB - ok 00:27:37.0500 0x2c6c [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:27:37.0500 0x2c6c TurboBoost - ok 00:27:37.0563 0x2c6c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:27:37.0563 0x2c6c uagp35 - ok 00:27:37.0594 0x2c6c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:27:37.0609 0x2c6c udfs - ok 00:27:37.0625 0x2c6c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:27:37.0625 0x2c6c UI0Detect - ok 00:27:37.0687 0x2c6c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:27:37.0703 0x2c6c uliagpkx - ok 00:27:37.0734 0x2c6c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 00:27:37.0734 0x2c6c umbus - ok 00:27:37.0765 0x2c6c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:27:37.0765 0x2c6c UmPass - ok 00:27:37.0937 0x2c6c [ CBDEE152D73200EE49031A26310B9D3E, 92E22235446F8DB3BFE97EDE7DE7D33F43EAC5957C5B41ACCEC4EBFD19BFF819 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 00:27:37.0984 0x2c6c UNS - ok 00:27:38.0015 0x2c6c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 00:27:38.0031 0x2c6c upnphost - ok 00:27:38.0077 0x2c6c [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 00:27:38.0077 0x2c6c USBAAPL64 - ok 00:27:38.0155 0x2c6c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 00:27:38.0155 0x2c6c usbaudio - ok 00:27:38.0202 0x2c6c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:27:38.0202 0x2c6c usbccgp - ok 00:27:38.0233 0x2c6c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:27:38.0233 0x2c6c usbcir - ok 00:27:38.0265 0x2c6c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:27:38.0265 0x2c6c usbehci - ok 00:27:38.0311 0x2c6c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:27:38.0327 0x2c6c usbhub - ok 00:27:38.0358 0x2c6c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:27:38.0358 0x2c6c usbohci - ok 00:27:38.0405 0x2c6c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:27:38.0405 0x2c6c usbprint - ok 00:27:38.0452 0x2c6c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:27:38.0467 0x2c6c USBSTOR - ok 00:27:38.0499 0x2c6c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:27:38.0499 0x2c6c usbuhci - ok 00:27:38.0530 0x2c6c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 00:27:38.0530 0x2c6c usbvideo - ok 00:27:38.0545 0x2c6c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 00:27:38.0545 0x2c6c UxSms - ok 00:27:38.0561 0x2c6c uzdhxgpw - ok 00:27:38.0577 0x2c6c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 00:27:38.0592 0x2c6c VaultSvc - ok 00:27:38.0639 0x2c6c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:27:38.0639 0x2c6c vdrvroot - ok 00:27:38.0686 0x2c6c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 00:27:38.0701 0x2c6c vds - ok 00:27:38.0717 0x2c6c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:27:38.0733 0x2c6c vga - ok 00:27:38.0733 0x2c6c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 00:27:38.0748 0x2c6c VgaSave - ok 00:27:38.0764 0x2c6c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:27:38.0764 0x2c6c vhdmp - ok 00:27:38.0811 0x2c6c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 00:27:38.0811 0x2c6c viaide - ok 00:27:38.0857 0x2c6c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:27:38.0857 0x2c6c volmgr - ok 00:27:38.0889 0x2c6c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:27:38.0904 0x2c6c volmgrx - ok 00:27:38.0920 0x2c6c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:27:38.0935 0x2c6c volsnap - ok 00:27:38.0935 0x2c6c vparxfrs - ok 00:27:38.0967 0x2c6c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:27:38.0982 0x2c6c vsmraid - ok 00:27:39.0045 0x2c6c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 00:27:39.0076 0x2c6c VSS - ok 00:27:39.0107 0x2c6c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 00:27:39.0107 0x2c6c vwifibus - ok 00:27:39.0107 0x2c6c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 00:27:39.0107 0x2c6c vwififlt - ok 00:27:39.0169 0x2c6c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 00:27:39.0185 0x2c6c vwifimp - ok 00:27:39.0232 0x2c6c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 00:27:39.0247 0x2c6c W32Time - ok 00:27:39.0263 0x2c6c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:27:39.0263 0x2c6c WacomPen - ok 00:27:39.0294 0x2c6c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:27:39.0294 0x2c6c WANARP - ok 00:27:39.0310 0x2c6c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:27:39.0310 0x2c6c Wanarpv6 - ok 00:27:39.0388 0x2c6c [ ECEB715BECE47E101DDEC06B11126066, 6BD577D6EABD48B1BA31955DB3DEEE68528EA54375CA64D233B723D161B45CBA ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys 00:27:39.0388 0x2c6c wanatw - ok 00:27:39.0481 0x2c6c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 00:27:39.0513 0x2c6c wbengine - ok 00:27:39.0544 0x2c6c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:27:39.0544 0x2c6c WbioSrvc - ok 00:27:39.0591 0x2c6c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:27:39.0591 0x2c6c wcncsvc - ok 00:27:39.0606 0x2c6c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:27:39.0622 0x2c6c WcsPlugInService - ok 00:27:39.0637 0x2c6c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:27:39.0637 0x2c6c Wd - ok 00:27:39.0684 0x2c6c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:27:39.0700 0x2c6c Wdf01000 - ok 00:27:39.0762 0x2c6c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:27:39.0778 0x2c6c WdiServiceHost - ok 00:27:39.0778 0x2c6c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:27:39.0793 0x2c6c WdiSystemHost - ok 00:27:39.0840 0x2c6c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 00:27:39.0856 0x2c6c WebClient - ok 00:27:39.0871 0x2c6c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:27:39.0871 0x2c6c Wecsvc - ok 00:27:39.0903 0x2c6c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:27:39.0903 0x2c6c wercplsupport - ok 00:27:39.0918 0x2c6c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 00:27:39.0918 0x2c6c WerSvc - ok 00:27:39.0949 0x2c6c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:27:39.0949 0x2c6c WfpLwf - ok 00:27:40.0027 0x2c6c [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 00:27:40.0027 0x2c6c WimFltr - ok 00:27:40.0043 0x2c6c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:27:40.0059 0x2c6c WIMMount - ok 00:27:40.0074 0x2c6c WinDefend - ok 00:27:40.0105 0x2c6c WinHttpAutoProxySvc - ok 00:27:40.0168 0x2c6c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:27:40.0183 0x2c6c Winmgmt - ok 00:27:40.0355 0x2c6c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 00:27:40.0402 0x2c6c WinRM - ok 00:27:40.0464 0x2c6c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 00:27:40.0464 0x2c6c WinUsb - ok 00:27:40.0527 0x2c6c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 00:27:40.0558 0x2c6c Wlansvc - ok 00:27:40.0714 0x2c6c [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:27:40.0776 0x2c6c wlidsvc - ok 00:27:40.0792 0x2c6c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:27:40.0792 0x2c6c WmiAcpi - ok 00:27:40.0839 0x2c6c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:27:40.0839 0x2c6c wmiApSrv - ok 00:27:40.0870 0x2c6c WMPNetworkSvc - ok 00:27:40.0901 0x2c6c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:27:40.0901 0x2c6c WPCSvc - ok 00:27:40.0932 0x2c6c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:27:40.0932 0x2c6c WPDBusEnum - ok 00:27:40.0948 0x2c6c wrccyqbi - ok 00:27:40.0979 0x2c6c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:27:40.0979 0x2c6c ws2ifsl - ok 00:27:41.0010 0x2c6c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 00:27:41.0010 0x2c6c wscsvc - ok 00:27:41.0010 0x2c6c WSearch - ok 00:27:41.0135 0x2c6c [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 00:27:41.0197 0x2c6c wuauserv - ok 00:27:41.0229 0x2c6c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:27:41.0229 0x2c6c WudfPf - ok 00:27:41.0291 0x2c6c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:27:41.0291 0x2c6c WUDFRd - ok 00:27:41.0322 0x2c6c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:27:41.0322 0x2c6c wudfsvc - ok 00:27:41.0353 0x2c6c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 00:27:41.0369 0x2c6c WwanSvc - ok 00:27:41.0385 0x2c6c ================ Scan global =============================== 00:27:41.0416 0x2c6c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 00:27:41.0447 0x2c6c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 00:27:41.0463 0x2c6c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 00:27:41.0494 0x2c6c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 00:27:41.0525 0x2c6c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 00:27:41.0525 0x2c6c [ Global ] - ok 00:27:41.0525 0x2c6c ================ Scan MBR ================================== 00:27:41.0541 0x2c6c [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 00:27:41.0837 0x2c6c \Device\Harddisk0\DR0 - ok 00:27:41.0837 0x2c6c ================ Scan VBR ================================== 00:27:41.0837 0x2c6c [ C390E3589D88C13E2E4B367DD63B5E22 ] \Device\Harddisk0\DR0\Partition1 00:27:41.0837 0x2c6c \Device\Harddisk0\DR0\Partition1 - ok 00:27:41.0837 0x2c6c [ AEE47885D25CCB3430C6EE0DBCC87E6F ] \Device\Harddisk0\DR0\Partition2 00:27:41.0868 0x2c6c \Device\Harddisk0\DR0\Partition2 - ok 00:27:41.0868 0x2c6c ================ Scan generic autorun ====================== 00:27:41.0868 0x2c6c SynTPEnh - ok 00:27:42.0149 0x2c6c [ AB729318BD85B82FC4313DCF5DA93C8E, 30677159794FB4D99787C1D795F5CA8E6C97CBE9BF8932E8E1AE2851497D1E37 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 00:27:42.0274 0x2c6c RTHDVCPL - ok 00:27:42.0367 0x2c6c [ 7EB0AE9D61C9CD6FCE90F0E69804487A, 43C5BCC02BC49A1A6A39B16BFAAC5FBBA1C5EAFB1A18BDE87ABB5B6F1B5D4D4F ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 00:27:42.0414 0x2c6c RtHDVBg - ok 00:27:42.0414 0x2c6c NVHotkey - ok 00:27:42.0508 0x2c6c [ F2C49A7AA03FC231BE87A65E50D0B6F6, 549A188E8F1E2CA1E4A82EC4F5D7B45C24BAB2B1177EA848183D72F97E198E38 ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe 00:27:42.0555 0x2c6c IntelWireless - ok 00:27:42.0679 0x2c6c [ 0AD61A3C844EEFE88780749E362D1E57, 5F2EF864827F65130B3292F49A2AFEC45006980D061978DAB31A6ECB1F2A0200 ] c:\Program Files\Dell\QuickSet\QuickSet.exe 00:27:42.0742 0x2c6c QuickSet - ok 00:27:42.0804 0x2c6c [ A358C6D2F299ACDE00D40C605BA5FEDC, FFAE3A508C8756D67E7C37870E53A621D0F174A66E48BBD30B03F2DAF1C0BFB8 ] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe 00:27:42.0820 0x2c6c FreeFallProtection - ok 00:27:42.0929 0x2c6c [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe 00:27:42.0945 0x2c6c MSC - ok 00:27:43.0085 0x2c6c [ 960167F792324B884AB6600A1C8392DA, 21FE20A2BC6751DD4165009A8CE273EB5FEBAF1D45EE13C3D77EFF0E1616D2AD ] C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\fault.exe 00:27:43.0085 0x2c6c friends - ok 00:27:43.0132 0x2c6c [ 51C8885B6A00904C0252704C9FB0F43A, BF2F58E6697DB10F3D6FB3859FADC2CE1D3CDD318E487E02FDC2BE171AF6CA29 ] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 00:27:43.0147 0x2c6c NUSB3MON - ok 00:27:43.0210 0x2c6c [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 00:27:43.0210 0x2c6c IAStorIcon - ok 00:27:43.0319 0x2c6c [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe 00:27:43.0335 0x2c6c ControlCenter3 - ok 00:27:43.0428 0x2c6c [ 640609646D2E6F805E89238F0ADD3A1A, 6E919DD8C93B4F1B7AA00404DDF11FDAA7C050C49028480C8E28F2DF99E99FED ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 00:27:43.0491 0x2c6c BrStsMon00 - ok 00:27:43.0569 0x2c6c [ 4D5D968FE6AE6BF94A807F73F7FF6B3D, 3D5D5D775EE251C2B903AA8DA804AE4D1632DD59A8A0A36C545FE984FCFE06DD ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 00:27:43.0600 0x2c6c BrMfcWnd - ok 00:27:43.0693 0x2c6c [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 00:27:43.0725 0x2c6c Adobe ARM - ok 00:27:43.0818 0x2c6c [ C482C535CBFEFE722EC1EB7F11F680A3, D7374A4BFEF274F7E33FDA40AA8ED8D8F78448E745A27032FE80475D5B1FAA63 ] C:\Program Files (x86)\Common Files\AOL\1376658552\ee\AOLSoftware.exe 00:27:43.0818 0x2c6c HostManager - ok 00:27:43.0818 0x2c6c ApnTBMon - ok 00:27:43.0865 0x2c6c [ F0CE006E1D14F45959985A05F8E81204, D9FE67DB4CEDB3B09A48C305DDE983A15695EE41C68CE222880D002C0D5D7688 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 00:27:43.0881 0x2c6c APSDaemon - ok 00:27:43.0943 0x2c6c [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 00:27:43.0959 0x2c6c SunJavaUpdateSched - ok 00:27:43.0990 0x2c6c [ A043F2DCB3DE6A01317FD7DDDAA53736, 7BF8BECC4AB5C21C5524F15EA3C5FF48EA2AE44AFCBADB443CFEBB72E2037A09 ] C:\Program Files (x86)\VNT\vntldr.exe 00:27:43.0990 0x2c6c VNT - ok 00:27:44.0099 0x2c6c [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe 00:27:44.0099 0x2c6c QuickTime Task - ok 00:27:44.0177 0x2c6c [ 603668084332DDB58D8C5AACE30B04FC, B6FA6BBE18D433F41F96640726444B7CB9D669BAE87A545E1408391B9469EDB9 ] C:\iTunesHelper.exe 00:27:44.0193 0x2c6c iTunesHelper - ok 00:27:44.0271 0x2c6c [ 6CE36EE8D47C825A8D0C56C846CF636F, 62611B4D1CB67E93BFEFCCE605D33A72C3AF2C362B904B571A9E671A178F73E1 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe 00:27:44.0271 0x2c6c Launcher - ok 00:27:44.0317 0x2c6c [ B99C05C2C0AA671642962CBCCE138660, 3F17B69E226E15E216CCA07A5602529643B315C02C5CAB4C597DA948F105465E ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe 00:27:44.0317 0x2c6c DSUpdateLauncher - ok 00:27:44.0411 0x2c6c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 00:27:44.0427 0x2c6c Sidebar - ok 00:27:44.0458 0x2c6c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 00:27:44.0473 0x2c6c mctadmin - ok 00:27:44.0489 0x2c6c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 00:27:44.0520 0x2c6c Sidebar - ok 00:27:44.0520 0x2c6c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 00:27:44.0536 0x2c6c mctadmin - ok 00:27:44.0551 0x2c6c ooVoo.exe - ok 00:27:44.0692 0x2c6c [ 40ADA4963225D142B831D0551151210E, 3E6DB8F6FBFED4CC81FA6BF8E4280F4B02A2BDBBD10396F2887412D1DF2137CE ] C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms 00:27:44.0692 0x2c6c DellSystemDetect - ok 00:27:44.0848 0x2c6c [ 1F7E04F6CDF9F556BB7666D711E1474F, B8952D493910732764CB6843E9A780E92293ADDBB624F0F938AADA67761589A9 ] C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe 00:27:44.0848 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe. md5: 1F7E04F6CDF9F556BB7666D711E1474F, sha256: B8952D493910732764CB6843E9A780E92293ADDBB624F0F938AADA67761589A9 00:27:44.0879 0x2c6c uqdfumrw - detected Trojan-Spy.Win32.ZBot.gen ( 0 ) 00:27:52.0196 0x2d5c Object required for P2P: [ 960167F792324B884AB6600A1C8392DA ] C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\fault.exe 00:27:52.0274 0x2c6c uqdfumrw ( Trojan-Spy.Win32.ZBot.gen ) - infected 00:27:52.0274 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe 00:27:54.0754 0x2d5c Object send P2P result: true 00:27:54.0832 0x2c6c Object send P2P result: true 00:27:57.0328 0x2c6c Have new async UDS detects: 1 00:27:57.0328 0x2c6c friends - detected UDS:DangerousObject.Multi.Generic ( 0 ) 00:27:57.0328 0x2c6c friends ( UDS:DangerousObject.Multi.Generic ) - infected 00:27:57.0328 0x2c6c Force sending object to P2P due to detect: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\fault.exe 00:27:59.0886 0x2c6c Object send P2P result: true 00:28:02.0367 0x2c6c [ 1F7E04F6CDF9F556BB7666D711E1474F, B8952D493910732764CB6843E9A780E92293ADDBB624F0F938AADA67761589A9 ] C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe 00:28:02.0382 0x2c6c tionkcrz - ok 00:28:02.0382 0x2c6c Have new async UDS detects: 1 00:28:02.0382 0x2c6c tionkcrz - detected UDS:DangerousObject.Multi.Generic ( 0 ) 00:28:02.0382 0x2c6c tionkcrz ( UDS:DangerousObject.Multi.Generic ) - infected 00:28:02.0382 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe 00:28:04.0972 0x2c6c Object send P2P result: true 00:28:07.0437 0x2c6c ifoxxwzr - ok 00:28:07.0452 0x2c6c tfwywndb - ok 00:28:07.0452 0x2c6c liyezfcu - ok 00:28:07.0468 0x2c6c hffgquir - ok 00:28:07.0530 0x2c6c [ 274AC3CC062F4F2F8145A6CE71CA8D6D, BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F ] C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe 00:28:07.0530 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe. md5: 274AC3CC062F4F2F8145A6CE71CA8D6D, sha256: BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F 00:28:07.0530 0x2c6c system64-print32 - detected LockedFile.Multi.Generic ( 1 ) 00:28:09.0995 0x2c6c Detect turned to UDS exact due to KSN untrusted 00:28:09.0995 0x2c6c system64-print32 ( UDS:DangerousObject.Multi.Generic ) - infected 00:28:09.0995 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe 00:28:12.0554 0x2c6c Object send P2P result: true 00:28:15.0065 0x2c6c [ 4C4592B7490BFA070C9720FD7B0D9A93, 0E9C758DB7578B638E281E95EA146BA7D8488449978B081BE7080C45642E9BBC ] C:\Users\VISUEL~1.E\AppData\Local\Temp\Hzqfxlacja\bgjjqimaw.exe 00:28:15.0065 0x2c6c Suspicious file ( NoAccess ): C:\Users\VISUEL~1.E\AppData\Local\Temp\Hzqfxlacja\bgjjqimaw.exe. md5: 4C4592B7490BFA070C9720FD7B0D9A93, sha256: 0E9C758DB7578B638E281E95EA146BA7D8488449978B081BE7080C45642E9BBC 00:28:15.0081 0x2c6c xlazimaw - detected Trojan-Spy.Win32.ZBot.gen ( 0 ) 00:28:17.0514 0x2c6c xlazimaw ( Trojan-Spy.Win32.ZBot.gen ) - infected 00:28:17.0514 0x2c6c Force sending object to P2P due to detect: C:\Users\VISUEL~1.E\AppData\Local\Temp\Hzqfxlacja\bgjjqimaw.exe 00:28:20.0073 0x2c6c Object send P2P result: true 00:28:22.0569 0x2c6c [ B492067250ABA2678B671313039D352B, 1A37AC1784189D561D27565C638120FF8A27A4DF5DD3A9438B18071C4413407C ] C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Chrome64\chrome64wave.exe 00:28:22.0569 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Chrome64\chrome64wave.exe. md5: B492067250ABA2678B671313039D352B, sha256: 1A37AC1784189D561D27565C638120FF8A27A4DF5DD3A9438B18071C4413407C 00:28:22.0584 0x2c6c chrome64wave - detected Trojan-Spy.Win32.ZBot.gen ( 0 ) 00:28:25.0049 0x2c6c Object required for P2P: [ B492067250ABA2678B671313039D352B ] C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Chrome64\chrome64wave.exe 00:28:27.0623 0x2c6c Object send P2P result: true 00:28:27.0623 0x2c6c chrome64wave ( Trojan-Spy.Win32.ZBot.gen ) - infected 00:28:27.0623 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Chrome64\chrome64wave.exe 00:28:30.0213 0x2c6c Object send P2P result: true 00:28:32.0693 0x2c6c [ 02B7736BCF35092A37CCD521658379CD, 6C70ABDE08D2995214E5B504BDB99D12693BBCA6038E7557E351C9A7DB40D2FA ] C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Perl32\perl32runner32.exe 00:28:32.0693 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Perl32\perl32runner32.exe. md5: 02B7736BCF35092A37CCD521658379CD, sha256: 6C70ABDE08D2995214E5B504BDB99D12693BBCA6038E7557E351C9A7DB40D2FA 00:28:32.0709 0x2c6c perl32runner32 - detected Trojan-Spy.Win32.ZBot.gen ( 0 ) 00:28:35.0174 0x2c6c perl32runner32 ( Trojan-Spy.Win32.ZBot.gen ) - infected 00:28:35.0174 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Perl32\perl32runner32.exe 00:28:38.0138 0x2c6c Object send P2P result: true 00:28:40.0774 0x2c6c [ 960167F792324B884AB6600A1C8392DA, 21FE20A2BC6751DD4165009A8CE273EB5FEBAF1D45EE13C3D77EFF0E1616D2AD ] C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\index.exe 00:28:40.0774 0x2c6c friends - ok 00:28:40.0774 0x2c6c Object required for P2P: [ 960167F792324B884AB6600A1C8392DA ] C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\index.exe 00:28:43.0426 0x2c6c Object send P2P result: true 00:28:43.0426 0x2c6c Have new async UDS detects: 1 00:28:43.0426 0x2c6c friends - detected UDS:DangerousObject.Multi.Generic ( 0 ) 00:28:43.0426 0x2c6c friends ( UDS:DangerousObject.Multi.Generic ) - infected 00:28:43.0426 0x2c6c Force sending object to P2P due to detect: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\index.exe 00:28:45.0969 0x2c6c Object send P2P result: true 00:28:48.0527 0x2c6c [ 274AC3CC062F4F2F8145A6CE71CA8D6D, BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F ] C:\Users\Visuellspektrum B.E\AppData\Roaming\Antivir32signal\win.exe 00:28:48.0527 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Roaming\Antivir32signal\win.exe. md5: 274AC3CC062F4F2F8145A6CE71CA8D6D, sha256: BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F 00:28:48.0527 0x2c6c win - detected LockedFile.Multi.Generic ( 1 ) 00:28:48.0527 0x2c6c Detect turned to UDS exact due to KSN untrusted 00:28:48.0527 0x2c6c win ( UDS:DangerousObject.Multi.Generic ) - infected 00:28:48.0527 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Roaming\Antivir32signal\win.exe 00:28:51.0678 0x2c6c Object send P2P result: true 00:29:06.0015 0x2c6c [ 274AC3CC062F4F2F8145A6CE71CA8D6D, BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F ] C:\Users\Visuellspektrum B.E\AppData\Roaming\Explorer64\explorer64login.exe 00:29:06.0030 0x2c6c Suspicious file ( NoAccess ): C:\Users\Visuellspektrum B.E\AppData\Roaming\Explorer64\explorer64login.exe. md5: 274AC3CC062F4F2F8145A6CE71CA8D6D, sha256: BE413F0A246F292D5834CF9AA9995E81687EEBF2553C5CEC160258DD7A28F08F 00:29:06.0030 0x2c6c explorer64login - detected LockedFile.Multi.Generic ( 1 ) 00:29:06.0030 0x2c6c Detect turned to UDS exact due to KSN untrusted 00:29:06.0030 0x2c6c explorer64login ( UDS:DangerousObject.Multi.Generic ) - infected 00:29:06.0030 0x2c6c Force sending object to P2P due to detect: C:\Users\Visuellspektrum B.E\AppData\Roaming\Explorer64\explorer64login.exe 00:29:11.0288 0x2c6c Object send P2P result: true 00:29:13.0877 0x2c6c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe 00:29:13.0893 0x2c6c Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 - ok 00:29:13.0908 0x2c6c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe 00:29:13.0908 0x2c6c Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 - ok 00:29:14.0049 0x2c6c [ C84F100FF7A65DF5FAD4682041CA51E4, 580BADC917C497F526B42174C1CA89045760807EB170A6449B6D14BCE475C993 ] C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE 00:29:14.0049 0x2c6c AOL Fast Start - ok 00:29:14.0127 0x2c6c [ 966FE904599B9A0F80EA498851180829, A95A67DF82FD40A0173C08919E7AB4B3CC207C8B8E07D850CC9C8AD0A44BF0CB ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 00:29:14.0142 0x2c6c GoogleChromeAutoLaunch_95998DA8AA06BA0E1CB0911F871E1ECB - ok 00:29:14.0142 0x2c6c [ C84F100FF7A65DF5FAD4682041CA51E4, 580BADC917C497F526B42174C1CA89045760807EB170A6449B6D14BCE475C993 ] C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE 00:29:14.0142 0x2c6c AOL Fast Start - ok 00:29:14.0158 0x2c6c Waiting for KSN requests completion. In queue: 5 00:29:15.0172 0x2c6c Waiting for KSN requests completion. In queue: 5 00:29:16.0186 0x2c6c Waiting for KSN requests completion. In queue: 5 00:29:17.0216 0x2c6c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated ) 00:29:17.0309 0x2c6c Win FW state via NFP2: enabled 00:29:19.0758 0x2c6c ============================================================ 00:29:19.0758 0x2c6c Scan finished 00:29:19.0758 0x2c6c ============================================================ 00:29:19.0774 0x1554 Detected object count: 10 00:29:19.0774 0x1554 Actual detected object count: 10 00:30:48.0523 0x1554 uqdfumrw ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user 00:30:48.0523 0x1554 uqdfumrw ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 00:30:48.0523 0x1554 friends ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0523 0x1554 friends ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:30:48.0523 0x1554 tionkcrz ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0523 0x1554 tionkcrz ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:30:48.0523 0x1554 system64-print32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0523 0x1554 system64-print32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:30:48.0523 0x1554 xlazimaw ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user 00:30:48.0523 0x1554 xlazimaw ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 00:30:48.0523 0x1554 chrome64wave ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user 00:30:48.0523 0x1554 chrome64wave ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 00:30:48.0523 0x1554 perl32runner32 ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user 00:30:48.0523 0x1554 perl32runner32 ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 00:30:48.0523 0x1554 friends ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0523 0x1554 friends ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:30:48.0523 0x1554 win ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0523 0x1554 win ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:30:48.0538 0x1554 explorer64login ( UDS:DangerousObject.Multi.Generic ) - skipped by user 00:30:48.0538 0x1554 explorer64login ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 00:31:23.0279 0x1848 Deinitialize success :heilig: fertig... |
Nun fall ch in die heia...muss morgen früh zur op...gucke danach rein :dankeschoen: |
Hast die Anweisung aber zum TDSS-Killer nicht befolgt. Code: 00:27:10.0918 0x2c6c Scan startedBitte Scan mit den richtigen Einstellungen wiederholen. |
Code: 12:46:54.0107 0x2958 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34Code: 12:47:21.0184 0x16bc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys12:47:24.0460 0x16bc fdPHost - ok 12:47:24.0476 0x16bc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 12:47:24.0476 0x16bc FDResPub - ok 12:47:24.0492 0x16bc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:47:24.0492 0x16bc FileInfo - ok 12:47:24.0523 0x16bc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:47:24.0523 0x16bc Filetrace - ok 12:47:24.0523 0x16bc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:47:24.0523 0x16bc flpydisk - ok 12:47:24.0554 0x16bc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:47:24.0554 0x16bc FltMgr - ok 12:47:24.0616 0x16bc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 12:47:24.0648 0x16bc FontCache - ok 12:47:24.0726 0x16bc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:47:24.0726 0x16bc FontCache3.0.0.0 - ok 12:47:24.0741 0x16bc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:47:24.0757 0x16bc FsDepends - ok 12:47:24.0774 0x16bc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:47:24.0790 0x16bc Fs_Rec - ok 12:47:24.0821 0x16bc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:47:24.0821 0x16bc fvevol - ok 12:47:24.0852 0x16bc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:47:24.0852 0x16bc gagp30kx - ok 12:47:24.0884 0x16bc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:47:24.0884 0x16bc GEARAspiWDM - ok 12:47:24.0946 0x16bc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 12:47:24.0962 0x16bc gpsvc - ok 12:47:25.0040 0x16bc [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:47:25.0040 0x16bc gupdate - ok 12:47:25.0055 0x16bc [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:47:25.0055 0x16bc gupdatem - ok 12:47:25.0071 0x16bc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:47:25.0071 0x16bc hcw85cir - ok 12:47:25.0118 0x16bc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:47:25.0133 0x16bc HDAudBus - ok 12:47:25.0164 0x16bc [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 12:47:25.0164 0x16bc HECIx64 - ok 12:47:25.0180 0x16bc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:47:25.0180 0x16bc HidBatt - ok 12:47:25.0196 0x16bc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:47:25.0211 0x16bc HidBth - ok 12:47:25.0227 0x16bc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:47:25.0227 0x16bc HidIr - ok 12:47:25.0274 0x16bc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 12:47:25.0274 0x16bc hidserv - ok 12:47:25.0274 0x2964 Object send P2P result: true 12:47:25.0320 0x16bc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 12:47:25.0320 0x16bc HidUsb - ok 12:47:25.0367 0x16bc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:47:25.0367 0x16bc hkmsvc - ok 12:47:25.0398 0x16bc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:47:25.0414 0x16bc HomeGroupListener - ok 12:47:25.0445 0x16bc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:47:25.0445 0x16bc HomeGroupProvider - ok 12:47:25.0492 0x16bc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:47:25.0508 0x16bc HpSAMD - ok 12:47:25.0586 0x16bc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:47:25.0601 0x16bc HTTP - ok 12:47:25.0632 0x16bc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:47:25.0632 0x16bc hwpolicy - ok 12:47:25.0664 0x16bc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:47:25.0664 0x16bc i8042prt - ok 12:47:25.0728 0x16bc [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 12:47:25.0744 0x16bc iaStor - ok 12:47:25.0855 0x16bc [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 12:47:25.0855 0x16bc IAStorDataMgrSvc - ok 12:47:25.0870 0x16bc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:47:25.0886 0x16bc iaStorV - ok 12:47:25.0948 0x16bc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:47:25.0964 0x16bc idsvc - ok 12:47:26.0011 0x16bc IEEtwCollectorService - ok 12:47:26.0042 0x16bc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:47:26.0042 0x16bc iirsp - ok 12:47:26.0104 0x16bc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 12:47:26.0120 0x16bc IKEEXT - ok 12:47:26.0260 0x16bc [ 491DADCC74327FABC85E0AB80AF8F204, 6E2CCC161EBDE932F800C90DACD59568E10851FC74236D33ECBC654B1FBA71EA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 12:47:26.0307 0x16bc IntcAzAudAddService - ok 12:47:26.0354 0x16bc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 12:47:26.0354 0x16bc intelide - ok 12:47:26.0401 0x16bc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:47:26.0401 0x16bc intelppm - ok 12:47:26.0432 0x16bc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:47:26.0432 0x16bc IPBusEnum - ok 12:47:26.0479 0x16bc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:47:26.0479 0x16bc IpFilterDriver - ok 12:47:26.0526 0x16bc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:47:26.0526 0x16bc iphlpsvc - ok 12:47:26.0557 0x16bc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:47:26.0572 0x16bc IPMIDRV - ok 12:47:26.0604 0x16bc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:47:26.0604 0x16bc IPNAT - ok 12:47:26.0650 0x16bc [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:47:26.0666 0x16bc iPod Service - ok 12:47:26.0713 0x16bc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:47:26.0713 0x16bc IRENUM - ok 12:47:26.0728 0x16bc ireyrvls - ok 12:47:26.0744 0x16bc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:47:26.0760 0x16bc isapnp - ok 12:47:26.0793 0x16bc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:47:26.0808 0x16bc iScsiPrt - ok 12:47:26.0824 0x16bc jdghtads - ok 12:47:26.0855 0x16bc [ 08ED99A8271CF0B808C595D88ECEE779, 440ECE9999FF17A70792E530A03A9D38F44C6245F06C47C988474E110C42168C ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 12:47:26.0871 0x16bc JMCR - ok 12:47:26.0886 0x16bc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 12:47:26.0886 0x16bc kbdclass - ok 12:47:26.0918 0x16bc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 12:47:26.0918 0x16bc kbdhid - ok 12:47:26.0949 0x16bc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 12:47:26.0949 0x16bc KeyIso - ok 12:47:26.0980 0x16bc [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:47:26.0996 0x16bc KSecDD - ok 12:47:27.0011 0x16bc [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:47:27.0027 0x16bc KSecPkg - ok 12:47:27.0042 0x16bc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:47:27.0042 0x16bc ksthunk - ok 12:47:27.0105 0x16bc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 12:47:27.0120 0x16bc KtmRm - ok 12:47:27.0152 0x16bc kwyjdkfc - ok 12:47:27.0183 0x16bc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:47:27.0183 0x16bc LanmanServer - ok 12:47:27.0214 0x16bc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:47:27.0214 0x16bc LanmanWorkstation - ok 12:47:27.0261 0x16bc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:47:27.0261 0x16bc lltdio - ok 12:47:27.0292 0x16bc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:47:27.0308 0x16bc lltdsvc - ok 12:47:27.0323 0x16bc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:47:27.0323 0x16bc lmhosts - ok 12:47:27.0386 0x16bc [ 23D990150D56B670A62B21B9ABDD45EE, BB9DBC0D02474976420321162C3AB1FDF975FA0494B1030488B03BC98A65F888 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:47:27.0386 0x16bc LMS - ok 12:47:27.0401 0x16bc logxmmoa - ok 12:47:27.0417 0x16bc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:47:27.0432 0x16bc LSI_FC - ok 12:47:27.0464 0x16bc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:47:27.0464 0x16bc LSI_SAS - ok 12:47:27.0479 0x16bc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:47:27.0479 0x16bc LSI_SAS2 - ok 12:47:27.0495 0x16bc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:47:27.0510 0x16bc LSI_SCSI - ok 12:47:27.0526 0x16bc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 12:47:27.0526 0x16bc luafv - ok 12:47:27.0542 0x16bc mbcrpyut - ok 12:47:27.0620 0x16bc [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe 12:47:27.0620 0x16bc McComponentHostService - ok 12:47:27.0651 0x16bc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:47:27.0666 0x16bc Mcx2Svc - ok 12:47:27.0682 0x16bc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:47:27.0682 0x16bc megasas - ok 12:47:27.0698 0x16bc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:47:27.0698 0x16bc MegaSR - ok 12:47:27.0729 0x16bc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 12:47:27.0744 0x16bc MMCSS - ok 12:47:27.0760 0x16bc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 12:47:27.0760 0x16bc Modem - ok 12:47:27.0808 0x16bc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:47:27.0809 0x16bc monitor - ok 12:47:27.0856 0x16bc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:47:27.0856 0x16bc mouclass - ok 12:47:27.0887 0x16bc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:47:27.0887 0x16bc mouhid - ok 12:47:27.0934 0x16bc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:47:27.0934 0x16bc mountmgr - ok 12:47:27.0996 0x16bc [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 12:47:27.0996 0x16bc MpFilter - ok 12:47:28.0058 0x16bc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 12:47:28.0058 0x16bc mpio - ok 12:47:28.0277 0x16bc [ 6DDB2BEFF00EA756FF0F65132330D4F4, A50749C3FDB57B686F91109CC55DF05300A6DF224B58649CE514506D074EADC9 ] MpKslcafc224f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7587C0C0-6B36-4747-8F64-DBB36113111E}\MpKslcafc224f.sys 12:47:28.0277 0x16bc MpKslcafc224f - ok 12:47:28.0308 0x16bc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:47:28.0308 0x16bc mpsdrv - ok 12:47:28.0370 0x16bc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:47:28.0386 0x16bc MpsSvc - ok 12:47:28.0433 0x16bc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:47:28.0433 0x16bc MRxDAV - ok 12:47:28.0464 0x16bc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:47:28.0464 0x16bc mrxsmb - ok 12:47:28.0526 0x16bc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:47:28.0542 0x16bc mrxsmb10 - ok 12:47:28.0542 0x16bc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:47:28.0558 0x16bc mrxsmb20 - ok 12:47:28.0589 0x16bc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 12:47:28.0589 0x16bc msahci - ok 12:47:28.0604 0x16bc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:47:28.0604 0x16bc msdsm - ok 12:47:28.0620 0x16bc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 12:47:28.0636 0x16bc MSDTC - ok 12:47:28.0682 0x16bc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:47:28.0682 0x16bc Msfs - ok 12:47:28.0698 0x16bc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:47:28.0698 0x16bc mshidkmdf - ok 12:47:28.0729 0x16bc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:47:28.0729 0x16bc msisadrv - ok 12:47:28.0760 0x16bc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:47:28.0776 0x16bc MSiSCSI - ok 12:47:28.0776 0x16bc msiserver - ok 12:47:28.0807 0x16bc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:47:28.0807 0x16bc MSKSSRV - ok 12:47:28.0887 0x16bc [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 12:47:28.0887 0x16bc MsMpSvc - ok 12:47:28.0903 0x16bc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:47:28.0903 0x16bc MSPCLOCK - ok 12:47:28.0903 0x16bc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:47:28.0903 0x16bc MSPQM - ok 12:47:28.0950 0x16bc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:47:28.0950 0x16bc MsRPC - ok 12:47:28.0981 0x16bc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:47:28.0981 0x16bc mssmbios - ok 12:47:28.0996 0x16bc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:47:28.0996 0x16bc MSTEE - ok 12:47:29.0012 0x16bc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:47:29.0012 0x16bc MTConfig - ok 12:47:29.0043 0x16bc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 12:47:29.0043 0x16bc Mup - ok 12:47:29.0090 0x16bc [ A9BC2302FBDF52C8AF4E2FC966288D21, 4CBDCDCC2BA8133BDC0BA1A1EB47FB9241CAACF93544BAD37175417DA9E616D6 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe Code: 12:47:29.0106 0x16bc MyWiFiDHCPDNS - okCode: 12:47:32.0667 0x16bc PNRPAutoReg - okCode: 12:47:37.0068 0x16bc TapiSrv - okCode: 12:47:40.0546 0x16bc WerSvc - ok |
Code: 12:47:58.0026 0x16bc hffgquir - okCode: 12:51:10.0046 0x22f4 atapi - okCode: 12:51:15.0507 0x22f4 LanmanServer - okCode: 12:51:17.0379 0x22f4 NetBIOS - okCode: 12:51:21.0015 0x22f4 rdbss - okCode: 12:51:25.0393 0x22f4 TurboBoost - ok |
Code: 12:51:30.0847 0x22f4 SunJavaUpdateSched - okCode: 12:54:53.0930 0x0a84 APNMCP - okCode: 12:55:06.0610 0x0a84 [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service C:\Program Files\iPod\bin\iPodService.exeCode: 12:55:11.0884 0x0a84 NisSrv - okCode: 12:55:19.0425 0x0a84 sbp2port - ok |
Code: 12:55:25.0385 0x0a84 udfs - ok |
Ich weiß ehrlich gesagt nicht was Du meinst. :) Wir legen aber jetzt mal los: Scan mit Combofix
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:12 Uhr. |
Copyright ©2000-2025, Trojaner-Board