
Pests of all kinds and how to fight them: I think my computer is infected.

Windows 7
30.05.2015, 14:01   #1
brainInfect
 
Since yesterday it has been slow as hell for no (obvious) reason and takes ages for the smallest things (opening a new tab, browsing + downloading, opening a folder, ...).

It would be great if one of your experts could help me and take a thorough look at my laptop.

Regards

30.05.2015, 14:05   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


30.05.2015, 15:32   #3
brainInfect
 
When I started it, the following window popped up. I clicked "Yes" and let the scan begin.



Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 30-05-2015 15:15:26
Running from C:\Users\smoking caterpillar\Desktop
Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Box Inc.) C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Dropbox, Inc.) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3093878258-50056534-2936666279-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "76.181.194.34"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.181.194.34"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.181.194.34"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.82.126.32"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "212.82.126.32"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.82.126.32"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "212.82.126.32"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02]
FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02]
FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08]
FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08]
FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed]
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 15:15 - 2015-05-30 15:16 - 00016258 _____ () C:\Users\smoking caterpillar\Desktop\FRST.txt
2015-05-30 15:14 - 2015-05-30 15:15 - 00000000 ____D () C:\FRST
2015-05-30 15:12 - 2015-05-30 15:12 - 02108928 _____ (Farbar) C:\Users\smoking caterpillar\Desktop\FRST64.exe
2015-05-24 09:51 - 2015-05-24 09:51 - 00000000 __SHD () C:\found.001
2015-05-23 17:56 - 2015-05-23 17:56 - 00002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2015-05-13 03:11 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:11 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 23:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 23:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 23:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 23:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 23:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 23:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 23:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 23:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 23:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 23:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 23:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 23:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 23:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 23:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 23:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 23:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 23:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 23:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 23:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 23:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 23:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 23:32 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 23:32 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 23:32 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 23:32 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 23:32 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 23:32 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 23:31 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 23:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 23:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 23:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 23:31 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 23:31 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 23:31 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 23:31 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 23:31 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 06:43 - 2015-05-12 06:43 - 00000000 __SHD () C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 15:16 - 2012-10-02 20:00 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Last.fm
2015-05-30 14:43 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 14:43 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 14:39 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-30 14:39 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-30 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-30 14:38 - 2012-10-01 21:19 - 02017366 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 14:34 - 2014-10-11 12:19 - 00000000 ___RD () C:\Users\smoking caterpillar\Dropbox
2015-05-30 14:34 - 2014-10-11 12:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox
2015-05-30 14:33 - 2015-03-02 07:31 - 00000000 ____D () C:\Users\smoking caterpillar\.rainlendar2
2015-05-30 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 14:33 - 2009-07-14 06:51 - 00199099 _____ () C:\Windows\setupact.log
2015-05-30 14:24 - 2012-10-02 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 16:57 - 2012-10-02 20:10 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\vlc
2015-05-26 20:33 - 2015-04-26 11:46 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\Praktikum
2015-05-25 04:16 - 2012-11-15 20:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Mipony
2015-05-25 00:44 - 2014-12-06 15:01 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Captcha_Brotherhood
2015-05-23 18:22 - 2012-11-27 03:58 - 00000000 ____D () C:\Users\smoking caterpillar\.gimp-2.8
2015-05-23 17:53 - 2014-02-21 21:07 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\gtk-2.0
2015-05-20 16:08 - 2012-10-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 06:40 - 2012-10-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 14:30 - 2015-03-22 03:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 23:46 - 2012-12-10 19:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 08:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 08:53 - 2009-07-14 06:45 - 00389040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:37 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:34 - 2013-06-24 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 03:34 - 2013-06-21 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:33 - 2012-10-04 00:03 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:33 - 2012-10-04 00:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:28 - 2013-07-24 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:21 - 2012-10-02 17:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:07 - 2014-04-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-09 21:42 - 2013-11-04 17:53 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Aquamarin Haushaltsbuch
2015-05-08 15:56 - 2014-10-11 12:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 22:33 - 2013-06-21 13:49 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-02-28 17:55 - 2014-12-07 13:05 - 0023978 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Notepad2.ini
2015-03-22 03:23 - 2015-03-22 03:23 - 0000043 _____ () C:\Users\smoking caterpillar\AppData\Roaming\WB.CFG
2012-10-02 00:32 - 2012-10-02 00:32 - 0003584 _____ () C:\Users\smoking caterpillar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-07 23:44 - 2013-10-07 23:44 - 0001480 _____ () C:\Users\smoking caterpillar\AppData\Local\RecConfig.xml
2015-05-23 17:56 - 2015-05-23 17:56 - 0002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2013-10-05 22:14 - 2013-10-05 22:14 - 0007605 _____ () C:\Users\smoking caterpillar\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkja5g.dll
C:\Users\smoking caterpillar\AppData\Local\Temp\install_flashplayer17x32au_ltr5x64d_awc_aih.exe
C:\Users\smoking caterpillar\AppData\Local\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 03:38

==================== End of log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by smoking caterpillar at 2015-05-30 15:16:49
Running from C:\Users\smoking caterpillar\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3093878258-50056534-2936666279-500 - Administrator - Disabled)
Gast (S-1-5-21-3093878258-50056534-2936666279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3093878258-50056534-2936666279-1005 - Limited - Enabled)
smoking caterpillar (S-1-5-21-3093878258-50056534-2936666279-1000 - Administrator - Enabled) => C:\Users\smoking caterpillar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Box Sync (HKLM\...\{EEB8F356-B3D4-4FB6-815D-DBADA7E71E4F}) (Version: 4.0.3234.0 - Box, Inc.)
Captcha Brotherhood (HKLM-x32\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.2.0 - Brotherhood Software)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FileZilla Client 3.10.0 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.8.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiPony 2.2.3 (HKLM-x32\...\MiPony) (Version: 2.2.3 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-05-2015 02:35:46 Geplanter Prüfpunkt
27-05-2015 14:16:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-12-10 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0311A0CE-5DEB-42E9-8FFD-77FA09F39190} - System32\Tasks\{57DE9D6B-0882-4BD7-ABA2-F81A351032B2} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\httpq_v3.0_win_installer.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {0D0F74DE-8245-42C0-A928-734AF66C6BAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4480DF2B-BE9E-4265-A8F6-B8D0B6463F54} - System32\Tasks\{A2413FBC-F606-442B-A65E-CEB5513CFAE8} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\DeepBurner19.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {6D63B34F-A3EC-49AE-A775-1DA1478703B1} - System32\Tasks\{BF1FC3AF-DB5D-4852-976C-261341060581} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\Install_ICQ6.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {7FA54300-76BF-4D55-BFE8-CC77F2ABC8F6} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {9773D4EB-C093-49EE-8EA0-B92FA58910CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BB96A6BA-9DA6-45A5-A3D8-10449F0F449A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D4FACB97-30F5-4E16-9843-07E9D7E705FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
Task: {DAD3D603-9F91-45DE-A964-3BE34A3FE9BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E536B87C-E6DD-4174-A34C-774BC2C65C2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {FC9D033E-8999-4D68-A0AF-6B55808F5B0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-26 14:40 - 2013-09-26 14:40 - 00080896 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll
2014-12-08 12:10 - 2014-12-08 12:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-10 10:40 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-10 19:58 - 2013-03-10 19:58 - 02598496 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2015-05-30 14:33 - 2015-05-30 14:33 - 00043008 _____ () c:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkja5g.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00726016 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00064512 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2015-05-30 14:33 - 2015-05-30 14:33 - 00010752 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\auth.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00069120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\burnlib.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00013824 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\dsp_sps.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_fhgaac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_flac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_lame.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_vorbis.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_wav.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_wma.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023552 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_classicart.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00007168 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_crasher.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023040 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_ff.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_find_on_disk.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_hotkeys.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00041984 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_jumpex.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00041984 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_jumpex_original.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00021504 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_ml.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00009728 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_nopro.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00007168 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_orgler.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00014848 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_play_remove.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_skinmanager.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_timerestore.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00008192 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_tray.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00010752 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_undo.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_avi.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00014336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_cdda.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_dshow.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_flac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_flv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_linein.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00020480 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_midi.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mkv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00018944 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mod.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023040 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mp3.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mp4.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_nsv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_swf.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00011264 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_vorbis.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wav.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wave.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00015360 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wm.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wv.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_addons.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_autotag.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_bookmarks.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008704 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_devices.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00047616 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_disc.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00009728 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_downloads.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_enqplay.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008704 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_history.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_impex.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00056320 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_local.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_nowplaying.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00014336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_online.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_orb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00012800 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_playlists.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00034816 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_plg.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00047104 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_pmp.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_rg.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008192 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_transcode.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00014848 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_wire.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00036352 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ombrowser.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_disk.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00016384 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_ds.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00007680 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_wave.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003072 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\playlist.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_activesync.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00020480 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_android.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00036864 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_ipod.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_njb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_p4s.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_usb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00039424 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_wifi.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\tagz.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00088064 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_avs.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00156160 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_milk2.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00007680 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_nsfs.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00206336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\winamp.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\winampa.lng
2012-06-20 18:14 - 2012-10-02 19:02 - 00023552 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00087552 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00091136 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00164864 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00290816 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-06-20 18:14 - 2012-10-02 19:02 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2004-04-26 00:09 - 2004-04-26 00:09 - 00372736 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_httpq.dll
2011-11-11 00:10 - 2012-10-02 19:02 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00318976 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00294912 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00201728 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00738784 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00034784 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00353248 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00128992 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 00304608 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2015-04-22 16:16 - 2015-04-20 02:00 - 00184800 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 00113120 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 02288608 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2015-04-22 16:16 - 2015-04-20 02:00 - 00051680 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-04-18 19:40 - 2015-04-18 19:40 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\secunia.com -> hxxps://secunia.com

There are 6088 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DMAgent => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: WiMAXAppSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: Ocs_SM => C:\Users\smoking caterpillar\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Spotify => "C:\Users\smoking caterpillar\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\smoking caterpillar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynAsusAcpi => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C5F7CDE-0BF6-452B-B559-E96BDB2FB379}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{ED0CD68E-F281-4125-A5DF-CA96A21B8AEB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F377B8F7-FF69-4C85-9626-33AB10AEF8DC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{3A973FE1-5BF8-4705-8504-C8881D1166A0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [TCP Query User{F33B5FD2-71FA-4600-8445-0A864817ABFE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{1571C7F1-98A0-4EAD-8BFA-D15B7326ACEC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{3778583D-C91A-4519-B38A-5C50C6E6DB0B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{13B16981-6D5E-46C6-9414-E1597D1DB1EB}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [{F4EFD91C-EBA0-4603-A01F-658963A3A111}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [TCP Query User{7DB69B7E-C5A0-4481-B388-E37FD63EA969}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9A50D58F-0212-4280-A593-3E64C70E927A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{BDFD8E04-BBC2-451A-AAA2-66B55FE8F4CB}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3E8C0259-9F0C-4A14-9C5E-447565DEDD73}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8A7361E0-2A8E-4004-818F-7ACB6B279B94}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{F2073049-1BD5-4B8B-B181-8E164D1FD752}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{31A8DF2E-B654-49B6-9AD0-2B5FFA9C1F16}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{D0F9379C-87E2-4E9E-98DF-4ADD6A09095B}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [TCP Query User{F8C39154-DC4B-4431-95B2-88ADD36B8F22}C:\program files (x86)\jdownloader 2\jdownloader 2.exe] => (Allow) C:\program files (x86)\jdownloader 2\jdownloader 2.exe
FirewallRules: [UDP Query User{976E6DB3-FA94-4CBE-92A8-281A13A3C90F}C:\program files (x86)\jdownloader 2\jdownloader 2.exe] => (Allow) C:\program files (x86)\jdownloader 2\jdownloader 2.exe
FirewallRules: [TCP Query User{43AE14EE-AA38-415D-953C-CCC4A78E60D9}C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe] => (Allow) C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe
FirewallRules: [UDP Query User{DBC6A752-681A-4DFA-86D9-D657221F85CD}C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe] => (Allow) C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe
FirewallRules: [TCP Query User{C2C4D137-D1E0-45FB-A62C-03C1D5A49A23}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe
FirewallRules: [UDP Query User{5124CD94-A20A-41DA-AA08-1C26D059FD55}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe
FirewallRules: [TCP Query User{CAE872C6-B946-49C2-90D0-4808A4DC7E88}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe
FirewallRules: [UDP Query User{522C08C0-0835-4ED5-A360-40854D5021BE}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe
FirewallRules: [TCP Query User{8F1461A0-F056-4BE4-BF8A-CAD77D85ED81}C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe] => (Allow) C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe
FirewallRules: [UDP Query User{6DA8183D-290D-4128-BBF2-244533346FF5}C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe] => (Allow) C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe
FirewallRules: [{4B9A0515-9B15-408A-A838-EDE247044266}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9DA1ABBD-C689-4E41-9180-F559018EDF98}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D4050F6A-B239-43F3-9C1D-637F55B46A3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0AAFBF66-F341-4192-BAFF-D15CFA5AE88B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D80B6665-5D95-4F6D-9EB3-E122D2123E59}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1E176D0A-880A-4C2F-8341-565F2857591E}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F7C46FA3-E72E-489C-8166-321A25B8D17B}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [TCP Query User{8AD58572-D2A0-4FC0-9719-81215409B842}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AF580CC-7E10-4459-ACF7-DF5847E84413}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5AA2F6F5-765F-4E6E-BA2C-B69478A470D6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{AA553062-DFBC-4FB8-82F4-A762D8A2225B}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{55D11AFC-710A-4937-833D-9354BFD6D045}C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C0462DDF-DD4B-4922-8EEA-C96E74743953}C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{236CC93D-C9A0-4EB2-8A2F-713940BC2D37}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F5E7A86C-B841-4FC2-9FB2-FC4CA8E994D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DDC9FE58-B159-474C-94D8-A25F63648F3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E117C392-9482-4C22-9F83-EC529D0DD482}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{074D7FC5-B419-4153-B28B-CD130662B2C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{444A5458-11AD-4902-BC05-139660519445}] => (Allow) LPort=2869
FirewallRules: [{174B014D-B56F-40B9-A420-EE89496B16D9}] => (Allow) LPort=1900
FirewallRules: [{5E5E5BBC-F27A-4C89-A9D2-3A5B47B6DFA9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7CBBC330-6E60-43B0-9AD7-7C337940901B}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [UDP Query User{E3207F35-AC55-4E8C-885F-8F17EAA33D21}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [TCP Query User{E12707AF-EB9C-46E1-972F-CF046FBEF3C9}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [UDP Query User{30600CB9-FE30-4630-AA07-5EBFAE58C51B}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
FirewallRules: [{95FEAB33-36C5-4163-BB9C-6B2FFDDA898D}] => (Allow) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{41CB992D-616F-4C65-BB3A-AD85726305FE}] => (Allow) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7727E00F-212D-45F9-87ED-1938925F83D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ACC6BC00-DA18-468F-8488-DE5E58AC24F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7E2D7CAF-DDF0-4C23-9D00-4AB8CD518330}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E04C6467-E6B9-4685-9EE7-58A922134570}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{72627C23-02EF-47A7-8231-BCAB4A07B94B}C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6A9FDE97-E126-4D89-81B9-04FAEA69DC47}C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{283B11D4-6737-4647-8B22-16A32867BF53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F144C31-1407-424F-B445-090879431234}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CEA84FCA-0299-4CB4-86FC-FBA756B97170}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CB908B9E-50C5-4C18-9338-A8F46FD583F9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 02:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 00:47:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 07:36:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/30/2015 07:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/29/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 09:44:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 04:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 07:51:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154


System errors:
=============
Error: (05/30/2015 02:33:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎05.‎2015 um 14:31:39 unerwartet heruntergefahren.

Error: (05/30/2015 02:31:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎05.‎2015 um 14:30:38 unerwartet heruntergefahren.

Error: (05/30/2015 00:56:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/30/2015 00:55:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/30/2015 00:46:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/30/2015 00:46:49 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature: %%886

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert 

	Grund: %%892

Error: (05/29/2015 10:44:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎05.‎2015 um 22:43:12 unerwartet heruntergefahren.

Error: (05/29/2015 09:42:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎05.‎2015 um 21:39:23 unerwartet heruntergefahren.

Error: (05/28/2015 11:59:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎05.‎2015 um 23:58:01 unerwartet heruntergefahren.

Error: (05/27/2015 03:08:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎27.‎05.‎2015 um 15:06:44 unerwartet heruntergefahren.


Microsoft Office:
=========================
Error: (05/30/2015 02:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 00:47:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 07:36:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/30/2015 07:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_skypenotify.dll

Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_messengernotify.dll

Error: (05/29/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 09:44:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 04:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 07:51:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154


CodeIntegrity Errors:
===================================
  Date: 2014-12-10 14:26:41.191
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-10 14:26:41.151
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 61%
Total physical RAM: 4000.13 MB
Available physical RAM: 1523.19 MB
Total Pagefile: 7998.44 MB
Available Pagefile: 5897.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:23.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (layby) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 496B9619)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

==================== End of log ============================
         
__________________

31.05.2015, 05:56   #4
schrauber
/// the machine
/// TB Trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.05.2015, 08:40   #5
brainInfect

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.30.06
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
smoking caterpillar :: SMOKINGCATERPIL [administrator]

31.05.2015 08:50:16
mbar-log-2015-05-31 (08-50-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 423724
Time elapsed: 40 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
09:36:29.0476 0x02f8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:37:02.0738 0x02f8  ============================================================
09:37:02.0738 0x02f8  Current date / time: 2015/05/31 09:37:02.0738
09:37:02.0738 0x02f8  SystemInfo:
09:37:02.0738 0x02f8  
09:37:02.0738 0x02f8  OS Version: 6.1.7601 ServicePack: 1.0
09:37:02.0738 0x02f8  Product type: Workstation
09:37:02.0738 0x02f8  ComputerName: SMOKINGCATERPIL
09:37:02.0739 0x02f8  UserName: smoking caterpillar
09:37:02.0739 0x02f8  Windows directory: C:\Windows
09:37:02.0739 0x02f8  System windows directory: C:\Windows
09:37:02.0739 0x02f8  Running under WOW64
09:37:02.0739 0x02f8  Processor architecture: Intel x64
09:37:02.0739 0x02f8  Number of processors: 4
09:37:02.0739 0x02f8  Page size: 0x1000
09:37:02.0739 0x02f8  Boot type: Normal boot
09:37:02.0739 0x02f8  ============================================================
09:37:03.0722 0x02f8  KLMD registered as C:\Windows\system32\drivers\25696244.sys
09:37:04.0267 0x02f8  System UUID: {5846AD24-FAA6-4647-2747-3BDE21C9250C}
09:37:06.0364 0x02f8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:37:06.0399 0x02f8  ============================================================
09:37:06.0399 0x02f8  \Device\Harddisk0\DR0:
09:37:06.0399 0x02f8  MBR partitions:
09:37:06.0399 0x02f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
09:37:06.0399 0x02f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
09:37:06.0399 0x02f8  ============================================================
09:37:06.0446 0x02f8  C: <-> \Device\Harddisk0\DR0\Partition1
09:37:06.0505 0x02f8  D: <-> \Device\Harddisk0\DR0\Partition2
09:37:06.0619 0x02f8  ============================================================
09:37:06.0619 0x02f8  Initialize success
09:37:06.0619 0x02f8  ============================================================
09:38:03.0993 0x0afc  ============================================================
09:38:03.0993 0x0afc  Scan started
09:38:03.0993 0x0afc  Mode: Manual; SigCheck; TDLFS; 
09:38:03.0993 0x0afc  ============================================================
09:38:03.0993 0x0afc  KSN ping started
09:38:06.0924 0x0afc  KSN ping finished: true
09:38:07.0575 0x0afc  ================ Scan system memory ========================
09:38:07.0575 0x0afc  System memory - ok
09:38:07.0576 0x0afc  ================ Scan services =============================
09:38:07.0740 0x0afc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:38:07.0956 0x0afc  1394ohci - ok
09:38:08.0045 0x0afc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:38:08.0092 0x0afc  ACPI - ok
09:38:08.0107 0x0afc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:38:08.0201 0x0afc  AcpiPmi - ok
09:38:08.0339 0x0afc  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:38:08.0383 0x0afc  AdobeARMservice - ok
09:38:08.0532 0x0afc  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:38:08.0548 0x0afc  AdobeFlashPlayerUpdateSvc - ok
09:38:08.0611 0x0afc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:38:08.0645 0x0afc  adp94xx - ok
09:38:08.0669 0x0afc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:38:08.0691 0x0afc  adpahci - ok
09:38:08.0734 0x0afc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:38:08.0751 0x0afc  adpu320 - ok
09:38:08.0774 0x0afc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:38:08.0899 0x0afc  AeLookupSvc - ok
09:38:09.0030 0x0afc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:38:09.0119 0x0afc  AFD - ok
09:38:09.0161 0x0afc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:38:09.0174 0x0afc  agp440 - ok
09:38:09.0205 0x0afc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:38:09.0262 0x0afc  ALG - ok
09:38:09.0296 0x0afc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:38:09.0307 0x0afc  aliide - ok
09:38:09.0367 0x0afc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:38:09.0379 0x0afc  amdide - ok
09:38:09.0398 0x0afc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:38:09.0447 0x0afc  AmdK8 - ok
09:38:09.0472 0x0afc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:38:09.0505 0x0afc  AmdPPM - ok
09:38:09.0556 0x0afc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:38:09.0571 0x0afc  amdsata - ok
09:38:09.0610 0x0afc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:38:09.0629 0x0afc  amdsbs - ok
09:38:09.0642 0x0afc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:38:09.0653 0x0afc  amdxata - ok
09:38:09.0695 0x0afc  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
09:38:09.0746 0x0afc  AppID - ok
09:38:09.0762 0x0afc  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:38:09.0795 0x0afc  AppIDSvc - ok
09:38:09.0833 0x0afc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:38:09.0884 0x0afc  Appinfo - ok
09:38:09.0939 0x0afc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:38:09.0953 0x0afc  arc - ok
09:38:09.0988 0x0afc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:38:10.0002 0x0afc  arcsas - ok
09:38:10.0047 0x0afc  [ 0D721BEDC99072972A1C09C9FE549B07, 1FAECF6BE04A8AA9B31AD155CECAE097E3FBF3AD90D3895CC8AAA12410966CF0 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
09:38:10.0142 0x0afc  asmthub3 - ok
09:38:10.0205 0x0afc  [ C401B8F26490DC3E5E47D3A91F87CD00, 6B0EF7097C0644CD0D7BD254729E3C43027F8A02FE6A368382E44077AE5D2085 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
09:38:10.0280 0x0afc  asmtxhci - ok
09:38:10.0468 0x0afc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:38:10.0497 0x0afc  aspnet_state - ok
09:38:10.0547 0x0afc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:38:10.0605 0x0afc  AsyncMac - ok
09:38:10.0659 0x0afc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:38:10.0670 0x0afc  atapi - ok
09:38:10.0825 0x0afc  [ A5E770426D18F8EF332A593F3289DA91, 87AC97758618765814B630CB1A189CD690DC6B0EAAE93D80EDE7771FB362C9AF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
09:38:11.0018 0x0afc  athr - ok
09:38:11.0085 0x0afc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:38:11.0133 0x0afc  AudioEndpointBuilder - ok
09:38:11.0174 0x0afc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:38:11.0202 0x0afc  AudioSrv - ok
09:38:11.0249 0x0afc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:38:11.0332 0x0afc  AxInstSV - ok
09:38:11.0375 0x0afc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:38:11.0443 0x0afc  b06bdrv - ok
09:38:11.0480 0x0afc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:11.0503 0x0afc  b57nd60a - ok
09:38:11.0550 0x0afc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:38:11.0600 0x0afc  BDESVC - ok
09:38:11.0628 0x0afc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:38:11.0690 0x0afc  Beep - ok
09:38:11.0755 0x0afc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:38:11.0830 0x0afc  BFE - ok
09:38:11.0889 0x0afc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:38:12.0123 0x0afc  BITS - ok
09:38:12.0157 0x0afc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:38:12.0194 0x0afc  blbdrive - ok
09:38:12.0259 0x0afc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:38:12.0309 0x0afc  bowser - ok
09:38:12.0416 0x0afc  [ 9E3CBFDFB9F9667519060223167A232C, C5E18338084DA0F48283FA46239C5C7E3F09FA8F93A8E19DE2C92B44370A75A2 ] BoxSyncUpdateService C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
09:38:12.0438 0x0afc  BoxSyncUpdateService - detected UnsignedFile.Multi.Generic ( 1 )
09:38:15.0160 0x0afc  BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - warning
09:38:17.0950 0x0afc  [ 56E4345F392F17D66683225E214840CB, 76B30C48BBF06B8A52F9E4502D10A776930C4F509C5493A63A846FD706DB41DB ] bpenum          C:\Windows\system32\DRIVERS\bpenum.sys
09:38:18.0000 0x0afc  bpenum - ok
09:38:18.0027 0x0afc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:38:18.0071 0x0afc  BrFiltLo - ok
09:38:18.0093 0x0afc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:38:18.0136 0x0afc  BrFiltUp - ok
09:38:18.0201 0x0afc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
09:38:18.0241 0x0afc  BridgeMP - ok
09:38:18.0306 0x0afc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:38:18.0364 0x0afc  Browser - ok
09:38:18.0403 0x0afc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:38:18.0461 0x0afc  Brserid - ok
09:38:18.0475 0x0afc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:18.0509 0x0afc  BrSerWdm - ok
09:38:18.0540 0x0afc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:18.0573 0x0afc  BrUsbMdm - ok
09:38:18.0592 0x0afc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:18.0609 0x0afc  BrUsbSer - ok
09:38:18.0623 0x0afc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:38:18.0662 0x0afc  BTHMODEM - ok
09:38:18.0696 0x0afc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:38:18.0754 0x0afc  bthserv - ok
09:38:18.0785 0x0afc  catchme - ok
09:38:18.0859 0x0afc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:38:18.0921 0x0afc  cdfs - ok
09:38:18.0967 0x0afc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:38:19.0004 0x0afc  cdrom - ok
09:38:19.0039 0x0afc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:38:19.0102 0x0afc  CertPropSvc - ok
09:38:19.0138 0x0afc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:38:19.0173 0x0afc  circlass - ok
09:38:19.0266 0x0afc  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
09:38:19.0299 0x0afc  CLFS - ok
09:38:19.0362 0x0afc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:19.0373 0x0afc  clr_optimization_v2.0.50727_32 - ok
09:38:19.0456 0x0afc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:19.0468 0x0afc  clr_optimization_v2.0.50727_64 - ok
09:38:19.0561 0x0afc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:19.0578 0x0afc  clr_optimization_v4.0.30319_32 - ok
09:38:19.0592 0x0afc  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:19.0619 0x0afc  clr_optimization_v4.0.30319_64 - ok
09:38:19.0664 0x0afc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:38:19.0694 0x0afc  CmBatt - ok
09:38:19.0727 0x0afc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:38:19.0740 0x0afc  cmdide - ok
09:38:19.0803 0x0afc  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
09:38:19.0857 0x0afc  CNG - ok
09:38:19.0891 0x0afc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:38:19.0902 0x0afc  Compbatt - ok
09:38:19.0922 0x0afc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:38:19.0958 0x0afc  CompositeBus - ok
09:38:19.0961 0x0afc  COMSysApp - ok
09:38:20.0037 0x0afc  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:38:20.0058 0x0afc  cphs - ok
09:38:20.0069 0x0afc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:38:20.0080 0x0afc  crcdisk - ok
09:38:20.0132 0x0afc  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:38:20.0188 0x0afc  CryptSvc - ok
09:38:20.0236 0x0afc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:38:20.0328 0x0afc  DcomLaunch - ok
09:38:20.0377 0x0afc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:38:20.0441 0x0afc  defragsvc - ok
09:38:20.0501 0x0afc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:38:20.0539 0x0afc  DfsC - ok
09:38:20.0571 0x0afc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:38:20.0634 0x0afc  Dhcp - ok
09:38:20.0646 0x0afc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:38:20.0705 0x0afc  discache - ok
09:38:20.0771 0x0afc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
09:38:20.0785 0x0afc  Disk - ok
09:38:20.0845 0x0afc  [ E7B489FA5B15D2FEC3E52066E015B788, 0EFE49506FCF85ACD3DFC9AC0D3F5E4EE24AA14676027F62EC4798B1687C2249 ] DMAgent         C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
09:38:20.0903 0x0afc  DMAgent - detected UnsignedFile.Multi.Generic ( 1 )
09:38:23.0546 0x0afc  Detect skipped due to KSN trusted
09:38:23.0546 0x0afc  DMAgent - ok
09:38:23.0650 0x0afc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:38:23.0707 0x0afc  Dnscache - ok
09:38:23.0742 0x0afc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:38:23.0805 0x0afc  dot3svc - ok
09:38:23.0832 0x0afc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:38:23.0885 0x0afc  DPS - ok
09:38:23.0918 0x0afc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:38:23.0962 0x0afc  drmkaud - ok
09:38:24.0058 0x0afc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:38:24.0116 0x0afc  DXGKrnl - ok
09:38:24.0149 0x0afc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:38:24.0187 0x0afc  EapHost - ok
09:38:24.0335 0x0afc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:38:24.0495 0x0afc  ebdrv - ok
09:38:24.0536 0x0afc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] EFS             C:\Windows\System32\lsass.exe
09:38:24.0594 0x0afc  EFS - ok
09:38:24.0673 0x0afc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:38:24.0759 0x0afc  ehRecvr - ok
09:38:24.0771 0x0afc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:38:24.0815 0x0afc  ehSched - ok
09:38:24.0873 0x0afc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:38:24.0919 0x0afc  elxstor - ok
09:38:24.0933 0x0afc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:38:24.0966 0x0afc  ErrDev - ok
09:38:25.0030 0x0afc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:38:25.0107 0x0afc  EventSystem - ok
09:38:25.0132 0x0afc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:38:25.0191 0x0afc  exfat - ok
09:38:25.0215 0x0afc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:38:25.0274 0x0afc  fastfat - ok
09:38:25.0339 0x0afc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:38:25.0395 0x0afc  Fax - ok
09:38:25.0423 0x0afc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:38:25.0458 0x0afc  fdc - ok
09:38:25.0483 0x0afc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:38:25.0538 0x0afc  fdPHost - ok
09:38:25.0578 0x0afc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:38:25.0632 0x0afc  FDResPub - ok
09:38:25.0673 0x0afc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:38:25.0686 0x0afc  FileInfo - ok
09:38:25.0706 0x0afc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:38:25.0759 0x0afc  Filetrace - ok
09:38:25.0785 0x0afc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:38:25.0812 0x0afc  flpydisk - ok
09:38:25.0846 0x0afc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:38:25.0866 0x0afc  FltMgr - ok
09:38:25.0957 0x0afc  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
09:38:26.0097 0x0afc  FontCache - ok
09:38:26.0143 0x0afc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:26.0153 0x0afc  FontCache3.0.0.0 - ok
09:38:26.0168 0x0afc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:38:26.0180 0x0afc  FsDepends - ok
09:38:26.0213 0x0afc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:38:26.0224 0x0afc  Fs_Rec - ok
09:38:26.0281 0x0afc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:38:26.0302 0x0afc  fvevol - ok
09:38:26.0326 0x0afc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:38:26.0339 0x0afc  gagp30kx - ok
09:38:26.0392 0x0afc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:38:26.0485 0x0afc  gpsvc - ok
09:38:26.0510 0x0afc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:38:26.0561 0x0afc  hcw85cir - ok
09:38:26.0606 0x0afc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:38:26.0664 0x0afc  HdAudAddService - ok
09:38:26.0706 0x0afc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:38:26.0724 0x0afc  HDAudBus - ok
09:38:26.0743 0x0afc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:38:26.0778 0x0afc  HidBatt - ok
09:38:26.0812 0x0afc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:38:26.0847 0x0afc  HidBth - ok
09:38:26.0869 0x0afc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:38:26.0903 0x0afc  HidIr - ok
09:38:26.0943 0x0afc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
09:38:26.0980 0x0afc  hidserv - ok
09:38:27.0012 0x0afc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:38:27.0038 0x0afc  HidUsb - ok
09:38:27.0067 0x0afc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:38:27.0126 0x0afc  hkmsvc - ok
09:38:27.0161 0x0afc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:38:27.0222 0x0afc  HomeGroupListener - ok
09:38:27.0262 0x0afc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:38:27.0301 0x0afc  HomeGroupProvider - ok
09:38:27.0331 0x0afc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:38:27.0345 0x0afc  HpSAMD - ok
09:38:27.0410 0x0afc  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:38:27.0560 0x0afc  HTTP - ok
09:38:27.0578 0x0afc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:38:27.0589 0x0afc  hwpolicy - ok
09:38:27.0614 0x0afc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:38:27.0629 0x0afc  i8042prt - ok
09:38:27.0684 0x0afc  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:38:27.0704 0x0afc  iaStor - ok
09:38:27.0761 0x0afc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:38:27.0797 0x0afc  iaStorV - ok
09:38:27.0868 0x0afc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:27.0925 0x0afc  idsvc - ok
09:38:27.0966 0x0afc  IEEtwCollectorService - ok
09:38:28.0197 0x0afc  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:38:28.0537 0x0afc  igfx - ok
09:38:28.0578 0x0afc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:38:28.0590 0x0afc  iirsp - ok
09:38:28.0659 0x0afc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:38:28.0718 0x0afc  IKEEXT - ok
09:38:28.0853 0x0afc  [ CB7DADEF3D83FE2C12655A0BDCBA99F2, AD55A578986F008ED01635D3BB26414D71F418640099BFA92D9CABAB6A88E01D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:38:28.0998 0x0afc  IntcAzAudAddService - ok
09:38:29.0051 0x0afc  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
09:38:29.0066 0x0afc  IntcDAud - detected UnsignedFile.Multi.Generic ( 1 )
09:38:31.0701 0x0afc  Detect skipped due to KSN trusted
09:38:31.0701 0x0afc  IntcDAud - ok
09:38:31.0773 0x0afc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:38:31.0785 0x0afc  intelide - ok
09:38:31.0809 0x0afc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:38:31.0824 0x0afc  intelppm - ok
09:38:31.0916 0x0afc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:38:31.0976 0x0afc  IPBusEnum - ok
09:38:31.0992 0x0afc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:32.0074 0x0afc  IpFilterDriver - ok
09:38:32.0155 0x0afc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:38:32.0235 0x0afc  iphlpsvc - ok
09:38:32.0250 0x0afc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:38:32.0291 0x0afc  IPMIDRV - ok
09:38:32.0354 0x0afc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:38:32.0406 0x0afc  IPNAT - ok
09:38:32.0426 0x0afc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:38:32.0456 0x0afc  IRENUM - ok
09:38:32.0478 0x0afc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:38:32.0491 0x0afc  isapnp - ok
09:38:32.0536 0x0afc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:38:32.0557 0x0afc  iScsiPrt - ok
09:38:32.0584 0x0afc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:38:32.0596 0x0afc  kbdclass - ok
09:38:32.0605 0x0afc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:38:32.0618 0x0afc  kbdhid - ok
09:38:32.0625 0x0afc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] KeyIso          C:\Windows\system32\lsass.exe
09:38:32.0636 0x0afc  KeyIso - ok
09:38:32.0685 0x0afc  [ C93EB3A92540830168F2057ECA7DE49A, 91DAEAD52B517E1E7CE9AAAE478493732156AA3122E6D16F7E8BD37116BB501C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:38:32.0700 0x0afc  KSecDD - ok
09:38:32.0723 0x0afc  [ 43F45C59A472993E5063F2DB2D22C509, E21B48733619B49272F46E01432D76072AC9241F55CDF08E84AF6277E3BF972A ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:38:32.0739 0x0afc  KSecPkg - ok
09:38:32.0756 0x0afc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:38:32.0792 0x0afc  ksthunk - ok
09:38:32.0825 0x0afc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:38:32.0897 0x0afc  KtmRm - ok
09:38:32.0932 0x0afc  [ A4A9CA24E54E81C6C3E469EAEB4B3F42, FB6B72BF973EC2EE2D81AAAF47B030C0A5E7E7B079DAB257C52FEFC3F222CDC8 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
09:38:32.0944 0x0afc  L1C - ok
09:38:33.0001 0x0afc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:38:33.0045 0x0afc  LanmanServer - ok
09:38:33.0084 0x0afc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:38:33.0138 0x0afc  LanmanWorkstation - ok
09:38:33.0238 0x0afc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:38:33.0292 0x0afc  lltdio - ok
09:38:33.0374 0x0afc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:38:33.0472 0x0afc  lltdsvc - ok
09:38:33.0500 0x0afc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:38:33.0569 0x0afc  lmhosts - ok
09:38:33.0589 0x0afc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:38:33.0604 0x0afc  LSI_FC - ok
09:38:33.0638 0x0afc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:38:33.0652 0x0afc  LSI_SAS - ok
09:38:33.0663 0x0afc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:38:33.0675 0x0afc  LSI_SAS2 - ok
09:38:33.0694 0x0afc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:38:33.0708 0x0afc  LSI_SCSI - ok
09:38:33.0745 0x0afc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:38:33.0802 0x0afc  luafv - ok
09:38:33.0873 0x0afc  [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:38:33.0884 0x0afc  MBAMProtector - ok
09:38:34.0022 0x0afc  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
09:38:34.0079 0x0afc  MBAMService - ok
09:38:34.0109 0x0afc  [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:38:34.0120 0x0afc  MBAMWebAccessControl - ok
09:38:34.0143 0x0afc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:38:34.0159 0x0afc  Mcx2Svc - ok
09:38:34.0189 0x0afc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:38:34.0201 0x0afc  megasas - ok
09:38:34.0227 0x0afc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:38:34.0247 0x0afc  MegaSR - ok
09:38:34.0265 0x0afc  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
09:38:34.0275 0x0afc  MEIx64 - ok
09:38:34.0306 0x0afc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:38:34.0343 0x0afc  MMCSS - ok
09:38:34.0362 0x0afc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:38:34.0415 0x0afc  Modem - ok
09:38:34.0465 0x0afc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:38:34.0481 0x0afc  monitor - ok
09:38:34.0493 0x0afc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:38:34.0505 0x0afc  mouclass - ok
09:38:34.0514 0x0afc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:38:34.0526 0x0afc  mouhid - ok
09:38:34.0568 0x0afc  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:38:34.0644 0x0afc  mountmgr - ok
09:38:34.0688 0x0afc  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:38:34.0703 0x0afc  MozillaMaintenance - ok
09:38:34.0765 0x0afc  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:38:34.0786 0x0afc  MpFilter - ok
09:38:34.0823 0x0afc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:38:34.0840 0x0afc  mpio - ok
09:38:34.0859 0x0afc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:38:34.0896 0x0afc  mpsdrv - ok
09:38:34.0953 0x0afc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:38:35.0034 0x0afc  MpsSvc - ok
09:38:35.0079 0x0afc  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:38:35.0134 0x0afc  MRxDAV - ok
09:38:35.0182 0x0afc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:35.0209 0x0afc  mrxsmb - ok
09:38:35.0245 0x0afc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:35.0279 0x0afc  mrxsmb10 - ok
09:38:35.0311 0x0afc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:35.0327 0x0afc  mrxsmb20 - ok
09:38:35.0365 0x0afc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:38:35.0376 0x0afc  msahci - ok
09:38:35.0399 0x0afc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:38:35.0414 0x0afc  msdsm - ok
09:38:35.0435 0x0afc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:38:35.0453 0x0afc  MSDTC - ok
09:38:35.0478 0x0afc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:38:35.0534 0x0afc  Msfs - ok
09:38:35.0550 0x0afc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:38:35.0586 0x0afc  mshidkmdf - ok
09:38:35.0594 0x0afc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:38:35.0606 0x0afc  msisadrv - ok
09:38:35.0639 0x0afc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:38:35.0702 0x0afc  MSiSCSI - ok
09:38:35.0705 0x0afc  msiserver - ok
09:38:35.0722 0x0afc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:38:35.0759 0x0afc  MSKSSRV - ok
09:38:35.0880 0x0afc  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:38:35.0891 0x0afc  MsMpSvc - ok
09:38:35.0905 0x0afc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:35.0961 0x0afc  MSPCLOCK - ok
09:38:35.0981 0x0afc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:38:36.0031 0x0afc  MSPQM - ok
09:38:36.0068 0x0afc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:38:36.0091 0x0afc  MsRPC - ok
09:38:36.0107 0x0afc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:38:36.0118 0x0afc  mssmbios - ok
09:38:36.0136 0x0afc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:38:36.0191 0x0afc  MSTEE - ok
09:38:36.0223 0x0afc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:38:36.0235 0x0afc  MTConfig - ok
09:38:36.0257 0x0afc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:38:36.0270 0x0afc  Mup - ok
09:38:36.0313 0x0afc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:38:36.0400 0x0afc  napagent - ok
09:38:36.0437 0x0afc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:38:36.0478 0x0afc  NativeWifiP - ok
09:38:36.0551 0x0afc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:38:36.0612 0x0afc  NDIS - ok
09:38:36.0628 0x0afc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:36.0681 0x0afc  NdisCap - ok
09:38:36.0708 0x0afc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:36.0744 0x0afc  NdisTapi - ok
09:38:36.0754 0x0afc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:36.0815 0x0afc  Ndisuio - ok
09:38:36.0841 0x0afc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:36.0893 0x0afc  NdisWan - ok
09:38:36.0918 0x0afc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:38:36.0960 0x0afc  NDProxy - ok
09:38:36.0971 0x0afc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:38:37.0022 0x0afc  NetBIOS - ok
09:38:37.0061 0x0afc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:38:37.0123 0x0afc  NetBT - ok
09:38:37.0148 0x0afc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] Netlogon        C:\Windows\system32\lsass.exe
09:38:37.0159 0x0afc  Netlogon - ok
09:38:37.0195 0x0afc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:38:37.0274 0x0afc  Netman - ok
09:38:37.0330 0x0afc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:37.0365 0x0afc  NetMsmqActivator - ok
09:38:37.0397 0x0afc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:37.0412 0x0afc  NetPipeActivator - ok
09:38:37.0453 0x0afc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:38:37.0538 0x0afc  netprofm - ok
09:38:37.0546 0x0afc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:37.0559 0x0afc  NetTcpActivator - ok
09:38:37.0566 0x0afc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:37.0580 0x0afc  NetTcpPortSharing - ok
09:38:37.0609 0x0afc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:38:37.0621 0x0afc  nfrd960 - ok
09:38:37.0701 0x0afc  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:38:37.0717 0x0afc  NisDrv - ok
09:38:37.0786 0x0afc  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
09:38:37.0808 0x0afc  NisSrv - ok
09:38:37.0867 0x0afc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:38:37.0924 0x0afc  NlaSvc - ok
09:38:37.0935 0x0afc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:38:37.0987 0x0afc  Npfs - ok
09:38:38.0021 0x0afc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:38:38.0059 0x0afc  nsi - ok
09:38:38.0081 0x0afc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:38:38.0132 0x0afc  nsiproxy - ok
09:38:38.0238 0x0afc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:38:38.0324 0x0afc  Ntfs - ok
09:38:38.0348 0x0afc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:38:38.0398 0x0afc  Null - ok
09:38:38.0420 0x0afc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:38:38.0436 0x0afc  nvraid - ok
09:38:38.0479 0x0afc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:38:38.0495 0x0afc  nvstor - ok
09:38:38.0516 0x0afc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:38:38.0532 0x0afc  nv_agp - ok
09:38:38.0549 0x0afc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:38:38.0582 0x0afc  ohci1394 - ok
09:38:38.0674 0x0afc  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:38.0691 0x0afc  ose64 - ok
09:38:38.0973 0x0afc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:38:39.0210 0x0afc  osppsvc - ok
09:38:39.0255 0x0afc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:38:39.0317 0x0afc  p2pimsvc - ok
09:38:39.0346 0x0afc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:38:39.0386 0x0afc  p2psvc - ok
09:38:39.0414 0x0afc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
09:38:39.0432 0x0afc  Parport - ok
09:38:39.0473 0x0afc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:38:39.0487 0x0afc  partmgr - ok
09:38:39.0538 0x0afc  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:38:39.0590 0x0afc  PcaSvc - ok
09:38:39.0606 0x0afc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:38:39.0623 0x0afc  pci - ok
09:38:39.0664 0x0afc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:38:39.0676 0x0afc  pciide - ok
09:38:39.0701 0x0afc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:38:39.0720 0x0afc  pcmcia - ok
09:38:39.0756 0x0afc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:38:39.0768 0x0afc  pcw - ok
09:38:39.0828 0x0afc  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:38:39.0898 0x0afc  PEAUTH - ok
09:38:39.0980 0x0afc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:38:39.0995 0x0afc  PerfHost - ok
09:38:40.0076 0x0afc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:38:40.0172 0x0afc  pla - ok
09:38:40.0224 0x0afc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:38:40.0305 0x0afc  PlugPlay - ok
09:38:40.0319 0x0afc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:38:40.0333 0x0afc  PNRPAutoReg - ok
09:38:40.0358 0x0afc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:38:40.0379 0x0afc  PNRPsvc - ok
09:38:40.0418 0x0afc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:38:40.0510 0x0afc  PolicyAgent - ok
09:38:40.0552 0x0afc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:38:40.0616 0x0afc  Power - ok
09:38:40.0667 0x0afc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:38:40.0706 0x0afc  PptpMiniport - ok
09:38:40.0741 0x0afc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
09:38:40.0756 0x0afc  Processor - ok
09:38:40.0805 0x0afc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:38:40.0868 0x0afc  ProfSvc - ok
09:38:40.0880 0x0afc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] ProtectedStorage C:\Windows\system32\lsass.exe
09:38:40.0892 0x0afc  ProtectedStorage - ok
09:38:40.0909 0x0afc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:38:40.0970 0x0afc  Psched - ok
09:38:41.0053 0x0afc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:38:41.0137 0x0afc  ql2300 - ok
09:38:41.0170 0x0afc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:38:41.0186 0x0afc  ql40xx - ok
09:38:41.0211 0x0afc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:38:41.0238 0x0afc  QWAVE - ok
09:38:41.0260 0x0afc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:38:41.0295 0x0afc  QWAVEdrv - ok
09:38:41.0317 0x0afc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:38:41.0372 0x0afc  RasAcd - ok
09:38:41.0407 0x0afc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:38:41.0445 0x0afc  RasAgileVpn - ok
09:38:41.0462 0x0afc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:38:41.0502 0x0afc  RasAuto - ok
09:38:41.0514 0x0afc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:38:41.0576 0x0afc  Rasl2tp - ok
09:38:41.0612 0x0afc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:38:41.0674 0x0afc  RasMan - ok
09:38:41.0699 0x0afc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:38:41.0756 0x0afc  RasPppoe - ok
09:38:41.0783 0x0afc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:38:41.0834 0x0afc  RasSstp - ok
09:38:41.0894 0x0afc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:38:41.0964 0x0afc  rdbss - ok
09:38:41.0981 0x0afc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
09:38:42.0011 0x0afc  rdpbus - ok
09:38:42.0029 0x0afc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:38:42.0080 0x0afc  RDPCDD - ok
09:38:42.0106 0x0afc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:38:42.0142 0x0afc  RDPENCDD - ok
09:38:42.0158 0x0afc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:38:42.0217 0x0afc  RDPREFMP - ok
09:38:42.0329 0x0afc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:38:42.0390 0x0afc  RdpVideoMiniport - ok
09:38:53.0323 0x0afc  [ 245EA6A2CFAE7B183EE9A14A4673B1F1, EED4B8FBB3B0802F64FE68018AA46F7326F851F26B05ABEAA40B59394B02C15F ] WiMAXAppSrv     C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
09:38:53.0389 0x0afc  WiMAXAppSrv - detected UnsignedFile.Multi.Generic ( 1 )
09:38:56.0131 0x0afc  Detect skipped due to KSN trusted
09:38:56.0131 0x0afc  WiMAXAppSrv - ok
09:39:02.0962 0x0afc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
09:39:03.0003 0x0afc  Win FW state via NFP2: enabled
09:39:05.0657 0x0afc  ============================================================
09:39:05.0657 0x0afc  Scan finished
09:39:05.0657 0x0afc  ============================================================
09:39:05.0664 0x0a9c  Detected object count: 1
09:39:05.0664 0x0a9c  Actual detected object count: 1
09:39:18.0011 0x0a9c  BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:18.0011 0x0a9c  BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 31.05.2015, 14:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Alt 31.05.2015, 16:03   #7
brainInfect
 



Code:
ComboFix 15-05-28.01 - smoking caterpillar 31.05.2015  16:29:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4000.1954 [GMT 2:00]
ausgeführt von:: c:\users\smoking caterpillar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\uninstall.exe
c:\uninstall.exe\023.dat
c:\uninstall.exe\023v.dat
c:\uninstall.exe\023w7.dat
c:\uninstall.exe\ActiveDrv.vbs
c:\uninstall.exe\AppDataFile.cfx
c:\uninstall.exe\AppDataFolder.cfx
c:\uninstall.exe\appinit.bad
c:\uninstall.exe\asp.str
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\ATTRIB.3XE
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid
c:\uninstall.exe\BFE.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF27003.3XE
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\clsid.dat
c:\uninstall.exe\Clsid.hiv
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CregC_.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\d-delA.dat
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\de-DE\ATTRIB.3XE.mui
c:\uninstall.exe\de-DE\CF27003.3XE.mui
c:\uninstall.exe\de-DE\cmd.3XE.mui
c:\uninstall.exe\de-DE\CSCRIPT.3XE.mui
c:\uninstall.exe\de-DE\PING.3XE.mui
c:\uninstall.exe\de-DE\REGT.3XE.mui
c:\uninstall.exe\de-DE\ROUTE.3XE.mui
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\iexplore.exe
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\ffext.pif
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FIXLSP64.cmd
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\hidec.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\iphlpsvc.vista.dat
c:\uninstall.exe\iphlpsvc.w7.dat
c:\uninstall.exe\iphlpsvc.w8.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\KNetSvcs.vbs
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSettingsFolder.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MDWht.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\MpsSvc.dat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\MUI
c:\uninstall.exe\MWindows.dat
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\MZChanged.dat
c:\uninstall.exe\N_\10094
c:\uninstall.exe\N_\11256
c:\uninstall.exe\N_\13145
c:\uninstall.exe\N_\1393
c:\uninstall.exe\N_\14148
c:\uninstall.exe\N_\15645
c:\uninstall.exe\N_\21484
c:\uninstall.exe\N_\21886
c:\uninstall.exe\N_\22695
c:\uninstall.exe\N_\22911
c:\uninstall.exe\N_\25476
c:\uninstall.exe\N_\26467
c:\uninstall.exe\N_\26943
c:\uninstall.exe\N_\27344
c:\uninstall.exe\N_\27747
c:\uninstall.exe\N_\32339
c:\uninstall.exe\N_\3499
c:\uninstall.exe\N_\4653
c:\uninstall.exe\N_\532
c:\uninstall.exe\N_\7183
c:\uninstall.exe\N_\828
c:\uninstall.exe\N_\9659
c:\uninstall.exe\N_\Path$
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmd.3XE
c:\uninstall.exe\NircmdB.exe
c:\uninstall.exe\NirCmdC.3XE
c:\uninstall.exe\NIRKMD.3XE
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.3XE
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\REGT.3XE
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\RNullFix64.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\ShAccess.dat
c:\uninstall.exe\smoking caterpillar.user.cf
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\sqlite3.3XE
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.dat
c:\uninstall.exe\swreg.3XE
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\swxcacls.3XE
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VBR.pif
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\W6432.dat
c:\uninstall.exe\W7.mac
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w7reg.dat
c:\uninstall.exe\w8reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\auth.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\burnlib.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\dsp_sps.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_fhgaac.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_flac.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_lame.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_vorbis.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_wav.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\enc_wma.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_classicart.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_crasher.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_ff.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_find_on_disk.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_hotkeys.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_jumpex.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_jumpex_original.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_ml.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_nopro.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_orgler.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_play_remove.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_skinmanager.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_timerestore.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_tray.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\gen_undo.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_avi.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_cdda.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_dshow.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_flac.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_flv.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_linein.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_midi.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_mkv.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_mod.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_mp3.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_mp4.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_nsv.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_swf.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_vorbis.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_wav.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_wave.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_wm.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\in_wv.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_addons.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_autotag.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_bookmarks.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_devices.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_disc.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_downloads.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_enqplay.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_history.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_impex.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_local.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_nowplaying.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_online.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_orb.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_playlists.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_plg.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_pmp.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_rg.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_transcode.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ml_wire.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\ombrowser.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\out_disk.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\out_ds.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\out_wave.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\playlist.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_activesync.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_android.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_ipod.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_njb.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_p4s.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_usb.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\pmp_wifi.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\tagz.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\vis_avs.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\vis_milk2.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\vis_nsfs.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\winamp.lng
c:\users\SMOKIN~1\AppData\Local\Temp\WLZ11D3.tmp\winampa.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\auth.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\burnlib.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\dsp_sps.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_fhgaac.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_flac.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_lame.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_vorbis.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_wav.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\enc_wma.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_classicart.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_crasher.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_ff.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_find_on_disk.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_hotkeys.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_jumpex.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_jumpex_original.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_ml.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_nopro.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_orgler.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_play_remove.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_skinmanager.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_timerestore.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_tray.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_undo.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_avi.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_cdda.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_dshow.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_flac.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_flv.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_linein.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_midi.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mkv.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mod.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mp3.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mp4.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_nsv.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_swf.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_vorbis.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wav.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wave.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wm.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wv.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_addons.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_autotag.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_bookmarks.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_devices.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_disc.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_downloads.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_enqplay.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_history.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_impex.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_local.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_nowplaying.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_online.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_orb.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_playlists.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_plg.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_pmp.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_rg.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_transcode.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_wire.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ombrowser.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_disk.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_ds.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_wave.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\playlist.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_activesync.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_android.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_ipod.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_njb.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_p4s.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_usb.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_wifi.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\tagz.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_avs.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_milk2.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_nsfs.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\winamp.lng
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\winampa.lng
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-31  ))))))))))))))))))))))))))))))
.
.
2015-05-31 14:49 . 2015-05-31 14:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-05-31 14:49 . 2015-05-31 14:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-31 14:49 . 2015-05-31 14:49	--------	d-----w-	c:\users\Ich\AppData\Local\temp
2015-05-31 06:58 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46E370E7-D744-4459-98A3-0D795FEFC870}\mpengine.dll
2015-05-31 06:50 . 2015-05-31 07:33	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-30 13:14 . 2015-05-30 13:17	--------	d-----w-	C:\FRST
2015-05-29 19:57 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-24 08:09 . 2015-03-26 18:36	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E059CAD5-D857-4CEB-93B2-5B54FE637F52}\gapaengine.dll
2015-05-24 07:51 . 2015-05-24 07:51	--------	d-----w-	C:\found.001
2015-05-13 01:11 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:11 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:31 . 2015-04-21 17:14	24971776	----a-w-	c:\windows\system32\mshtml.dll
2015-05-12 04:43 . 2015-05-12 04:43	--------	d-----w-	C:\found.000
2015-05-01 18:10 . 2015-05-01 18:10	229608	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-31 06:50 . 2015-03-27 14:41	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-31 06:48 . 2015-03-27 14:40	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-31 06:44 . 2012-10-02 16:24	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-31 06:44 . 2012-10-02 16:24	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-13 01:21 . 2012-10-02 15:28	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-19 08:23 . 2014-01-15 18:53	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-19 08:22 . 2014-10-20 15:19	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-26 18:36 . 2012-10-05 06:17	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 14:37	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 14:36	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 14:36	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 14:36	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 14:36	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 14:36	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 14:37	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 14:37	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 14:36	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 14:37	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 14:37	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 14:37	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 14:37	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 14:37	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 14:37	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 14:37	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-17 05:22 . 2015-04-15 14:36	5557696	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-17 05:19 . 2015-04-15 14:36	1727904	----a-w-	c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-15 14:36	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-15 14:36	243712	----a-w-	c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-15 14:36	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-15 14:36	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-15 14:36	503808	----a-w-	c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-15 14:36	50176	----a-w-	c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-15 14:36	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-15 14:36	424448	----a-w-	c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-15 14:36	1163264	----a-w-	c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-15 14:36	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-15 14:36	112640	----a-w-	c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-15 14:36	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-15 14:36	338432	----a-w-	c:\windows\system32\conhost.exe
2015-03-17 05:15 . 2015-03-27 14:40	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-17 05:15 . 2015-03-27 14:40	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 14:36	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-03-17 05:01 . 2015-04-15 14:36	3920824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-15 14:36	3976632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 04:59 . 2015-04-15 14:36	1309696	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-15 14:36	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-15 14:36	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:56 . 2015-04-15 14:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-15 14:36	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-15 14:36	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-15 14:36	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:50 . 2015-04-15 14:36	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-03-17 04:50 . 2015-04-15 14:36	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 14:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 15:19	1729752	----a-w-	c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 15:19	1729752	----a-w-	c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 15:19	1729752	----a-w-	c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 06:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-21 03:23	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-21 03:23	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncProblem]
@="{8CEE0157-49FA-4ACE-87AF-C01BCA971E26}"
[HKEY_CLASSES_ROOT\CLSID\{8CEE0157-49FA-4ACE-87AF-C01BCA971E26}]
2010-11-21 03:23	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-21 03:23	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost;127.0.0.1
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-31  17:01:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-31 15:01
.
Vor Suchlauf: 13 Verzeichnis(se), 27.514.548.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 30.046.830.592 Bytes frei
.
- - End Of File - - 3B73A029945A252265930CA878B5CF16
         

01.06.2015, 09:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.06.2015, 17:19   #9
brainInfect
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13, 
Protection, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping, 
Protection, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped, 
Error, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13, 
Protection, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping, 
Protection, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped, 
Update, 01.06.2015 15:41:35, SYSTEM, SMOKINGCATERPIL, Manual, Remediation Database, 2015.4.6.2, 2015.5.13.1, 
Update, 01.06.2015 15:41:35, SYSTEM, SMOKINGCATERPIL, Manual, Rootkit Database, 2015.3.31.1, 2015.5.31.1, 
Update, 01.06.2015 15:41:55, SYSTEM, SMOKINGCATERPIL, Manual, Malware Database, 2015.4.13.5, 2015.6.1.2, 
Update, 01.06.2015 15:42:10, SYSTEM, SMOKINGCATERPIL, Manual, program, 2.1.4.1018, 2.1.6.0, 
Update, 01.06.2015 15:43:56, SYSTEM, SMOKINGCATERPIL, Manual, Rootkit Database, 2015.2.25.1, 2015.5.31.1, 
Update, 01.06.2015 15:43:56, SYSTEM, SMOKINGCATERPIL, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 01.06.2015 15:44:06, SYSTEM, SMOKINGCATERPIL, Manual, Malware Database, 2015.3.9.5, 2015.6.1.2, 
Scan, 01.06.2015 17:58:50, SYSTEM, SMOKINGCATERPIL, Manual, Start: 01.06.2015 15:44:28, Dauer: 33 Minuten 18 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "8" nicht-Malwareerkennung, 
Error, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13, 
Protection, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping, 
Protection, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped, 

(end)
         
Code:
# AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 18:08:22
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-01.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : smoking caterpillar - SMOKINGCATERPIL
# Gestarted von : C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\smoking caterpillar\AppData\Roaming\ProgSense

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\ProgSense
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - localhost;127.0.0.1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [1210 Bytes] - [01/06/2015 18:05:23]
AdwCleaner[S0].txt - [1078 Bytes] - [01/06/2015 18:08:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1137  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.6 (05.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by smoking caterpillar on 01.06.2015 at 18:13:01,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\smoking caterpillar\AppData\Roaming\mozilla\firefox\profiles\ugu86ww1.default\extensions\staged
Emptied folder: C:\Users\smoking caterpillar\AppData\Roaming\mozilla\firefox\profiles\cnfbof9z.default-1414958804586\minidumps [51 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2015 at 18:16:05,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 01-06-2015 18:17:36
Running from C:\Users\smoking caterpillar\Desktop
Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3093878258-50056534-2936666279-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "76.181.194.34"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.181.194.34"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.181.194.34"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.82.126.32"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "212.82.126.32"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.82.126.32"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "212.82.126.32"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-31] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02]
FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02]
FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08]
FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08]
FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed]
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 18:16 - 2015-06-01 18:16 - 00000911 _____ () C:\Users\smoking caterpillar\Desktop\JRT.txt
2015-06-01 18:13 - 2015-06-01 18:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SMOKINGCATERPIL-Windows-7-Home-Premium-(64-bit).dat
2015-06-01 18:13 - 2015-06-01 18:13 - 00000000 ____D () C:\RegBackup
2015-06-01 18:12 - 2015-06-01 18:12 - 02947675 _____ (Thisisu) C:\Users\smoking caterpillar\Desktop\JRT.exe
2015-06-01 18:05 - 2015-06-01 18:08 - 00000000 ____D () C:\AdwCleaner
2015-06-01 18:04 - 2015-06-01 18:04 - 02231296 _____ () C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe
2015-06-01 18:03 - 2015-06-01 18:03 - 00001868 _____ () C:\Users\smoking caterpillar\Desktop\mbam.txt
2015-06-01 15:43 - 2015-06-01 15:43 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 17:01 - 2015-05-31 17:01 - 00045450 _____ () C:\ComboFix.txt
2015-05-31 16:27 - 2015-05-31 17:01 - 00000000 ____D () C:\Qoobox
2015-05-31 16:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-31 16:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-31 16:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-31 16:26 - 2015-05-31 16:26 - 05628678 ____R (Swearware) C:\Users\smoking caterpillar\Desktop\ComboFix.exe
2015-05-31 09:35 - 2015-05-31 09:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\smoking caterpillar\Desktop\tdsskiller.exe
2015-05-31 08:50 - 2015-05-31 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 08:47 - 2015-05-31 09:33 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\mbar
2015-05-31 08:47 - 2015-05-31 08:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\smoking caterpillar\Desktop\mbar-1.09.1.1004.exe
2015-05-30 16:29 - 2015-05-30 16:29 - 00002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2015-05-30 15:16 - 2015-05-30 15:17 - 00057898 _____ () C:\Users\smoking caterpillar\Desktop\Addition.txt
2015-05-30 15:15 - 2015-06-01 18:17 - 00015502 _____ () C:\Users\smoking caterpillar\Desktop\FRST.txt
2015-05-30 15:14 - 2015-06-01 18:17 - 00000000 ____D () C:\FRST
2015-05-30 15:12 - 2015-05-30 15:12 - 02108928 _____ (Farbar) C:\Users\smoking caterpillar\Desktop\FRST64.exe
2015-05-24 09:51 - 2015-05-24 09:51 - 00000000 ____D () C:\found.001
2015-05-13 03:11 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:11 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 23:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 23:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 23:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 23:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 23:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 23:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 23:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 23:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 23:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 23:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 23:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 23:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 23:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 23:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 23:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 23:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 23:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 23:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 23:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 23:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 23:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 23:32 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 23:32 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 23:32 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 23:32 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 23:32 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 23:32 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 23:31 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 23:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 23:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 23:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 23:31 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 23:31 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 23:31 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 23:31 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 23:31 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 06:43 - 2015-05-12 06:43 - 00000000 ____D () C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 18:16 - 2010-11-21 08:50 - 00906770 _____ () C:\Windows\system32\perfh007.dat
2015-06-01 18:16 - 2010-11-21 08:50 - 00216094 _____ () C:\Windows\system32\perfc007.dat
2015-06-01 18:16 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 18:13 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 18:13 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 18:10 - 2015-03-02 07:31 - 00000000 ____D () C:\Users\smoking caterpillar\.rainlendar2
2015-06-01 18:10 - 2014-10-11 12:19 - 00000000 ___RD () C:\Users\smoking caterpillar\Dropbox
2015-06-01 18:10 - 2014-10-11 12:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox
2015-06-01 18:09 - 2012-10-01 21:19 - 01145287 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 18:09 - 2010-11-21 05:47 - 00160602 _____ () C:\Windows\PFRO.log
2015-06-01 18:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 18:09 - 2009-07-14 06:51 - 00199827 _____ () C:\Windows\setupact.log
2015-06-01 18:03 - 2015-03-27 16:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 17:59 - 2012-10-02 20:00 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Last.fm
2015-06-01 17:24 - 2012-10-02 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 16:04 - 2015-04-26 11:46 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\Praktikum
2015-06-01 15:43 - 2015-03-27 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-31 16:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-31 08:45 - 2014-08-17 13:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Adobe
2015-05-31 08:44 - 2012-10-02 18:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-31 08:44 - 2012-10-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 08:44 - 2012-10-02 18:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-30 16:30 - 2012-11-27 03:58 - 00000000 ____D () C:\Users\smoking caterpillar\.gimp-2.8
2015-05-27 16:57 - 2012-10-02 20:10 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\vlc
2015-05-25 04:16 - 2012-11-15 20:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Mipony
2015-05-25 00:44 - 2014-12-06 15:01 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Captcha_Brotherhood
2015-05-23 17:53 - 2014-02-21 21:07 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\gtk-2.0
2015-05-20 16:08 - 2012-10-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 06:40 - 2012-10-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 14:30 - 2015-03-22 03:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 23:46 - 2012-12-10 19:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 08:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 08:53 - 2009-07-14 06:45 - 00389040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:37 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:34 - 2013-06-24 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 03:34 - 2013-06-21 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:33 - 2012-10-04 00:03 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:33 - 2012-10-04 00:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:28 - 2013-07-24 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:21 - 2012-10-02 17:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:07 - 2014-04-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-09 21:42 - 2013-11-04 17:53 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Aquamarin Haushaltsbuch
2015-05-08 15:56 - 2014-10-11 12:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 22:33 - 2013-06-21 13:49 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-02-28 17:55 - 2014-12-07 13:05 - 0023978 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Notepad2.ini
2015-03-22 03:23 - 2015-03-22 03:23 - 0000043 _____ () C:\Users\smoking caterpillar\AppData\Roaming\WB.CFG
2012-10-02 00:32 - 2012-10-02 00:32 - 0003584 _____ () C:\Users\smoking caterpillar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-07 23:44 - 2013-10-07 23:44 - 0001480 _____ () C:\Users\smoking caterpillar\AppData\Local\RecConfig.xml
2015-05-30 16:29 - 2015-05-30 16:29 - 0002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2013-10-05 22:14 - 2013-10-05 22:14 - 0007605 _____ () C:\Users\smoking caterpillar\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiat8px.dll
C:\Users\smoking caterpillar\AppData\Local\Temp\Quarantine.exe
C:\Users\smoking caterpillar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 03:38

==================== End of log ============================
         

02.06.2015, 07:35   #10
schrauber
/// the machine
/// TB-Ausbilder
 



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.06.2015, 05:22   #11
brainInfect
 

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# end=init
# utc_time=2015-06-02 08:44:23
# local_time=2015-06-02 10:44:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24140
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# end=updated
# utc_time=2015-06-02 08:49:18
# local_time=2015-06-02 10:49:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# engine=24140
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-02 10:20:58
# local_time=2015-06-03 12:20:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 967684 104577280 0 0
# scanned=176859
# found=0
# cleaned=0
# scan_time=5499
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird (31.7.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 03-06-2015 06:18:28
Running from C:\Users\smoking caterpillar\Desktop
Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Box Inc.) C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3093878258-50056534-2936666279-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "76.181.194.34"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.181.194.34"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.181.194.34"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.82.126.32"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "212.82.126.32"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.82.126.32"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "212.82.126.32"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-31] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02]
FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02]
FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08]
FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08]
FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed]
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 05:46 - 2015-06-03 05:46 - 00852639 _____ () C:\Users\smoking caterpillar\Desktop\SecurityCheck.exe
2015-06-02 22:44 - 2015-06-02 22:44 - 02870984 _____ (ESET) C:\Users\smoking caterpillar\Desktop\esetsmartinstaller_deu.exe
2015-06-01 18:16 - 2015-06-01 18:16 - 00000911 _____ () C:\Users\smoking caterpillar\Desktop\JRT.txt
2015-06-01 18:13 - 2015-06-01 18:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SMOKINGCATERPIL-Windows-7-Home-Premium-(64-bit).dat
2015-06-01 18:13 - 2015-06-01 18:13 - 00000000 ____D () C:\RegBackup
2015-06-01 18:12 - 2015-06-01 18:12 - 02947675 _____ (Thisisu) C:\Users\smoking caterpillar\Desktop\JRT.exe
2015-06-01 18:05 - 2015-06-01 18:08 - 00000000 ____D () C:\AdwCleaner
2015-06-01 18:04 - 2015-06-01 18:04 - 02231296 _____ () C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe
2015-06-01 18:03 - 2015-06-01 18:03 - 00001868 _____ () C:\Users\smoking caterpillar\Desktop\mbam.txt
2015-06-01 15:43 - 2015-06-01 15:43 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 17:01 - 2015-05-31 17:01 - 00045450 _____ () C:\ComboFix.txt
2015-05-31 16:27 - 2015-05-31 17:01 - 00000000 ____D () C:\Qoobox
2015-05-31 16:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-31 16:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-31 16:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-31 16:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-31 16:26 - 2015-05-31 16:26 - 05628678 ____R (Swearware) C:\Users\smoking caterpillar\Desktop\ComboFix.exe
2015-05-31 09:35 - 2015-05-31 09:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\smoking caterpillar\Desktop\tdsskiller.exe
2015-05-31 08:50 - 2015-05-31 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 08:47 - 2015-05-31 09:33 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\mbar
2015-05-31 08:47 - 2015-05-31 08:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\smoking caterpillar\Desktop\mbar-1.09.1.1004.exe
2015-05-30 16:29 - 2015-05-30 16:29 - 00002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2015-05-30 15:16 - 2015-05-30 15:17 - 00057898 _____ () C:\Users\smoking caterpillar\Desktop\Addition.txt
2015-05-30 15:15 - 2015-06-03 06:18 - 00016083 _____ () C:\Users\smoking caterpillar\Desktop\FRST.txt
2015-05-30 15:14 - 2015-06-03 06:18 - 00000000 ____D () C:\FRST
2015-05-30 15:12 - 2015-05-30 15:12 - 02108928 _____ (Farbar) C:\Users\smoking caterpillar\Desktop\FRST64.exe
2015-05-24 09:51 - 2015-05-24 09:51 - 00000000 ____D () C:\found.001
2015-05-13 03:11 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:11 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 23:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 23:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 23:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 23:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 23:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 23:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 23:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 23:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 23:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 23:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 23:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 23:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 23:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 23:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 23:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 23:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 23:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 23:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 23:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 23:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 23:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 23:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 23:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 23:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 23:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 23:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 23:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 23:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 23:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 23:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 23:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 23:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 23:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 23:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 23:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 23:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 23:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 23:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 23:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 23:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 23:32 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 23:32 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 23:32 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 23:32 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 23:32 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 23:32 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 23:32 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 23:32 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 23:32 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 23:32 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 23:31 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 23:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 23:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 23:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 23:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 23:31 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 23:31 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 23:31 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 23:31 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 23:31 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 06:43 - 2015-05-12 06:43 - 00000000 ____D () C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 05:56 - 2012-10-01 21:19 - 01206387 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 05:44 - 2012-10-02 20:10 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\vlc
2015-06-03 05:41 - 2012-10-02 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 09:26 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 09:26 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 04:32 - 2010-11-21 08:50 - 00936354 _____ () C:\Windows\system32\perfh007.dat
2015-06-02 04:32 - 2010-11-21 08:50 - 00225566 _____ () C:\Windows\system32\perfc007.dat
2015-06-02 04:32 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-02 04:28 - 2015-03-02 07:31 - 00000000 ____D () C:\Users\smoking caterpillar\.rainlendar2
2015-06-02 04:28 - 2014-10-11 12:19 - 00000000 ___RD () C:\Users\smoking caterpillar\Dropbox
2015-06-02 04:28 - 2014-10-11 12:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox
2015-06-02 04:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 04:27 - 2009-07-14 06:51 - 00199883 _____ () C:\Windows\setupact.log
2015-06-02 00:23 - 2015-04-26 11:46 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\Praktikum
2015-06-01 18:54 - 2012-10-02 20:00 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Last.fm
2015-06-01 18:09 - 2010-11-21 05:47 - 00160602 _____ () C:\Windows\PFRO.log
2015-06-01 18:03 - 2015-03-27 16:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 15:43 - 2015-03-27 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-31 16:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-31 08:45 - 2014-08-17 13:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Adobe
2015-05-31 08:44 - 2012-10-02 18:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-31 08:44 - 2012-10-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 08:44 - 2012-10-02 18:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-30 16:30 - 2012-11-27 03:58 - 00000000 ____D () C:\Users\smoking caterpillar\.gimp-2.8
2015-05-25 04:16 - 2012-11-15 20:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Mipony
2015-05-25 00:44 - 2014-12-06 15:01 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Captcha_Brotherhood
2015-05-23 17:53 - 2014-02-21 21:07 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\gtk-2.0
2015-05-20 16:08 - 2012-10-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 06:40 - 2012-10-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 14:30 - 2015-03-22 03:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 23:46 - 2012-12-10 19:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 08:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 08:53 - 2009-07-14 06:45 - 00389040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:37 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:34 - 2013-06-24 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 03:34 - 2013-06-21 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:33 - 2012-10-04 00:03 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:33 - 2012-10-04 00:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:28 - 2013-07-24 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:21 - 2012-10-02 17:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:07 - 2014-04-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-09 21:42 - 2013-11-04 17:53 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Aquamarin Haushaltsbuch
2015-05-08 15:56 - 2014-10-11 12:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-02-28 17:55 - 2014-12-07 13:05 - 0023978 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Notepad2.ini
2015-03-22 03:23 - 2015-03-22 03:23 - 0000043 _____ () C:\Users\smoking caterpillar\AppData\Roaming\WB.CFG
2012-10-02 00:32 - 2012-10-02 00:32 - 0003584 _____ () C:\Users\smoking caterpillar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-07 23:44 - 2013-10-07 23:44 - 0001480 _____ () C:\Users\smoking caterpillar\AppData\Local\RecConfig.xml
2015-05-30 16:29 - 2015-05-30 16:29 - 0002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2013-10-05 22:14 - 2013-10-05 22:14 - 0007605 _____ () C:\Users\smoking caterpillar\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfs50u3.dll
C:\Users\smoking caterpillar\AppData\Local\Temp\Quarantine.exe
C:\Users\smoking caterpillar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:46

==================== End of log ============================
         
Everything seems to be back to normal. Many thanks, schrauber.

03.06.2015, 19:39   #12
schrauber
/// the machine
/// TB trainer
 


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Securing your system:
In the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at its latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
