| |
| |||||||
Log-Analyse und Auswertung: Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
07.06.2015, 21:36
| #1 |
| |  Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo, leider hat eine Familienmitglied bei folgender Mail auf "als Freund hinzufügen" geklickt. Nun ist wohl mindestens das E-Mail-Adressbuch geknackt und unsere Kontakte erhalten mit solche Emails angeblich in unserem Namen: "Klicken Sie hier, um hansig@online.des Lieblingswebseiten zu entdecken! hansig@online.de möchte dir folgen Ich möchte dich als Freund hinzufügen hansig@online.de Klicken Sie hier, um keine derartigen E-Mails von hansig@online.de oder sämtlichen Freunden mehr zu erhalten P.O. Box 70215, Plaza Station , Sunnyvale, CA 94086" Ich bin unsicher, inwieweit unser Rechner Schaden genommen hat und habe ihn daher ggw. noch nicht wieder für vertrauliche Daten (online-Banking etc.) eingesetzt. Der Virenscanner (Kaspersky PURE 3.0) hat nix gefunden, und Spybot auch nichts Einschlägiges. Unten die entsprechenden FRST-Log. Das FRST-Additonal und das GMER-Protokoll schicke ich gern mit der nächsten Nachricht - sonst wird diese zu lang. Bei der Auswertung tue ich mich als Laie schwer. Könnt Ihr mir hier helfen? VG Speedy Didi FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Anja (administrator) on TOSHIBANBANJA on 07-06-2015 20:31:05
Running from E:\FRST
Loaded Profiles: Anja (Available Profiles: Anja)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Expert System S.p.A.) C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Bibliographisches Institut GmbH) C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8305664 2009-10-30] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [313344 2009-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2009-11-06] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [793008 2009-11-06] (TOSHIBA)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607616 2008-06-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336528 2011-03-15] (Expert System S.p.A.)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-18\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336528 2011-03-15] (Expert System S.p.A.)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2235840 2012-10-19] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-10-22]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-08-03]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2009-11-06] (TOSHIBA)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-06-29] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-06-29] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> DefaultScope {4E5572DD-2485-4687-BCC8-F92354CADDF8} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {13DD03BE-B4C7-42C1-AF46-EBA7DC4344DF} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {1C467582-7A9D-442B-8563-52849E84D538} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=28ac92bf0000000000000626b6e043bc&tlver=1.4.19.19&affID=17160
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {4DAD408E-0BCC-485C-9F1D-5E8587482470} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {4E5572DD-2485-4687-BCC8-F92354CADDF8} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.2&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2009-11-06] (TODO: <Company name>)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-24] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21] (ICQ)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-26] (Apple Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-04-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-20]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] -
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-05-22]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-06-29]
Chrome:
=======
CHR HomePage: Default -> hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0
CHR StartupUrls: Default -> "hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0"
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\42.0.2311.90\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-05]
CHR Extension: (Safe Money) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-11-05]
CHR Extension: (Content Blocker) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-11-05]
CHR Extension: (Virtual Keyboard) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-11-05]
CHR Extension: (Kaspersky Protection) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
CHR Extension: (Anti-Banner) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X]
S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X]
S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X]
S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S4 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-29] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-20] (Kaspersky Lab ZAO)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 Tosrfcom; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 20:30 - 2015-06-07 20:31 - 00000000 ____D C:\FRST
2015-06-07 20:18 - 2015-06-07 20:18 - 00000000 _____ C:\Users\Anja\defogger_reenable
2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Anja\Documents\Johann Willi
2015-06-07 13:58 - 2015-06-07 13:58 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-07 13:48 - 2015-06-07 20:15 - 00000000 ____D C:\Users\Anja\Downloads\Viren und Malware
2015-06-06 07:30 - 2015-06-06 07:30 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-06 07:30 - 2015-06-06 07:30 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-06 07:30 - 2015-06-06 07:30 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2015-06-06 07:30 - 2015-06-06 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-06 07:29 - 2015-06-06 08:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 07:29 - 2015-06-06 07:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-06 07:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-06-06 07:17 - 2015-06-06 07:18 - 00000000 ____D C:\5b22efad4698490a329866ee
2015-05-24 09:37 - 2015-05-24 10:25 - 00101184 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll
2015-05-24 09:37 - 2015-05-24 10:25 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-05-24 09:37 - 2015-05-24 09:37 - 00000000 ____D C:\Users\Anja\AppData\Local\Amazon
2015-05-17 18:31 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-17 18:31 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-17 18:31 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-17 18:31 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-05-12 21:18 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-12 20:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-12 20:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-12 20:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-12 20:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-12 20:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-12 20:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-12 20:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-12 20:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-12 20:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-12 20:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-12 20:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-12 20:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-12 20:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-12 20:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-12 20:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-12 20:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-12 20:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-12 20:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-12 20:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-12 20:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-12 20:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-12 20:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-12 20:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-12 20:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-12 20:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-12 20:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-12 20:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-12 20:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-12 20:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-12 20:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-12 20:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-12 20:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-12 20:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-12 20:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-12 20:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-12 20:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-12 20:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-12 20:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-12 20:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-12 20:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-12 20:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-12 20:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-12 20:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-12 20:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-12 20:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-12 20:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-12 20:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-12 20:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-12 20:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-12 20:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-12 20:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-12 20:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-12 20:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-12 20:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-12 20:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-12 20:51 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-12 20:51 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-12 20:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-12 20:50 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-12 20:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-12 20:49 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 20:49 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:49 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-12 20:49 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-12 20:49 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-12 20:49 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-12 20:49 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-12 20:49 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-12 20:49 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-12 20:49 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:49 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:49 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-12 20:49 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-12 20:49 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-12 20:49 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-12 20:49 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-12 20:49 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-12 20:49 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-12 20:49 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-12 20:49 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-12 20:49 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-12 20:49 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-12 20:49 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-12 20:49 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-12 20:49 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-12 20:49 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-12 20:49 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-12 20:49 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-12 20:49 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-12 20:49 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-12 20:49 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-12 20:49 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:49 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:48 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-12 20:48 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-12 20:48 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-12 20:47 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-12 20:47 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-12 20:47 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-12 20:47 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 20:47 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-12 20:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-12 20:46 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-12 20:46 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-12 20:46 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-12 20:46 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-12 20:46 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-12 20:46 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-12 20:46 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 20:20 - 2012-05-02 19:06 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 20:19 - 2010-05-21 23:55 - 01569119 _____ C:\windows\WindowsUpdate.log
2015-06-07 20:18 - 2010-08-01 19:20 - 00000000 ____D C:\Users\Anja
2015-06-07 19:57 - 2011-01-30 16:26 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\windows\tracing
2015-06-07 19:52 - 2010-11-07 11:52 - 00000000 ____D C:\Users\Anja\Documents\Anja
2015-06-07 19:00 - 2011-02-27 16:43 - 00000000 ____D C:\Users\Anja\Documents\Outlook-Dateien
2015-06-07 18:14 - 2011-07-24 14:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-07 17:50 - 2009-07-14 19:58 - 00699682 _____ C:\windows\system32\perfh007.dat
2015-06-07 17:50 - 2009-07-14 19:58 - 00149790 _____ C:\windows\system32\perfc007.dat
2015-06-07 17:50 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-07 16:42 - 2014-07-29 20:56 - 00000000 ____D C:\Users\Anja\AppData\Local\Unity
2015-06-07 11:01 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 11:01 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 07:57 - 2011-01-30 16:26 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 07:03 - 2011-01-26 17:29 - 00000000 ____D C:\ProgramData\Kodak
2015-06-06 06:52 - 2015-03-28 22:48 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-06-06 06:52 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-06 06:52 - 2009-07-14 06:51 - 00153684 _____ C:\windows\setupact.log
2015-05-31 15:58 - 2010-11-12 20:42 - 00000000 ____D C:\Users\Anja\AppData\Local\FreePDF_XP
2015-05-31 14:35 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-05-26 19:31 - 2010-11-06 11:42 - 00000000 ____D C:\Users\Anja\Documents\Didi
2015-05-25 14:46 - 2009-12-08 02:54 - 00806666 _____ C:\windows\PFRO.log
2015-05-24 20:17 - 2015-01-06 21:59 - 00000000 ____D C:\Users\Anja\Desktop\Fotos 2015
2015-05-24 09:34 - 2013-11-13 23:31 - 00000000 ____D C:\ProgramData\Oracle
2015-05-24 09:31 - 2010-08-03 22:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-24 09:27 - 2014-10-19 19:44 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\system32\GWX
2015-05-16 07:52 - 2011-01-30 16:26 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 07:52 - 2011-01-30 16:26 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 15:38 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-05-13 20:10 - 2009-07-14 06:45 - 00506248 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-13 20:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-12 21:38 - 2009-12-08 03:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-12 21:35 - 2010-09-19 12:32 - 00000039 _____ C:\windows\vbaddin.ini
2015-05-12 21:34 - 2013-08-14 21:05 - 00000000 ____D C:\windows\system32\MRT
2015-05-12 21:27 - 2010-09-14 21:23 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-12 20:54 - 2013-04-09 22:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2013-06-14 20:11 - 2013-07-07 09:57 - 0001428 _____ () C:\Users\Anja\AppData\Roaming\TOSHIBANBJACOBS.MTBF.txt
2013-06-14 20:28 - 2013-06-18 08:28 - 0004608 _____ () C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-26 21:18 - 2012-10-31 18:03 - 0015494 _____ () C:\Users\Anja\AppData\Local\installer.log
2011-01-26 18:00 - 2011-01-26 18:00 - 0000236 _____ () C:\Users\Anja\AppData\Local\LaunchHomeCenter.log
2011-07-04 19:20 - 2011-07-04 19:20 - 0000000 _____ () C:\Users\Anja\AppData\Local\{FE52DF1B-FD79-46B7-9E55-C08B93007A9F}
2012-01-07 13:59 - 2012-01-07 15:12 - 0020531 ____H () C:\ProgramData\M33KI
2011-05-17 17:30 - 2011-05-22 10:11 - 0001492 _____ () C:\ProgramData\ss.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 21:35
==================== End of log ============================
|
|
07.06.2015, 22:50
| #2 |
| /// the machine /// TB-Ausbilder    | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hi,
__________________Dann Poste mal den Rest 
__________________ |
|
08.06.2015, 18:12
| #3 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo, hier der Rest:
__________________FRST Addition: [CODE] Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Anja at 2015-06-07 20:32:17
Running from E:\FRST
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-3259377877-260377006-1008623290-1003 - Administrator - Enabled)
Administrator (S-1-5-21-3259377877-260377006-1008623290-500 - Administrator - Disabled)
Anja (S-1-5-21-3259377877-260377006-1008623290-1000 - Limited - Enabled) => C:\Users\Anja
Gast (S-1-5-21-3259377877-260377006-1008623290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3259377877-260377006-1008623290-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.303.213 - ALPS ELECTRIC CO., LTD.)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AuthenTec Fingerprint Software (HKLM\...\{3E38B0F4-1B86-421E-9B2A-9EA617DF6ABB}) (Version: 9.0.4.12 - AuthenTec, Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01(T) - TOSHIBA CORPORATION)
BUDNI Fotowelt (HKLM-x32\...\BUDNI Fotowelt) (Version: 6.0.1 - CEWE Stiftung u Co. KGaA)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
CyberView X - MF v1.18a (HKLM-x32\...\{CB4B1827-6433-4C08-8E51-DB49A7C309AE}) (Version: 1.18 - Pacific Image Electronics Co., Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Duden Korrektor PLUS (HKLM-x32\...\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}) (Version: 7.00.0000 - Bibliographisches Institut GmbH)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON TWAIN 5 (HKLM-x32\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Exact Audio Copy 1.0beta2 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta2 - Andre Wiethoff)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Driver Scout (HKLM-x32\...\{36e136d1-209a-4733-9b4e-bcfa2797265a}) (Version: 1.0.0.101 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.101 - Covus Freemium) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version: - )
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\MyFreeCodec) (Version: - )
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5971 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RICOH R5U230 Media Driver ver.2.07.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
SilverFast AFL (HKLM-x32\...\SilverFast AFL_is1) (Version: - LaserSoft Imaging, Inc.)
SilverFast AFL TWAIN (HKLM-x32\...\SilverFast AFL TWAIN_is1) (Version: - LaserSoft Imaging, Inc.)
SilverFast Ai CD Dokumentation 6.4.0 (HKLM-x32\...\SilverFast Ai CD Dokumentation_is1) (Version: - LaserSoft Imaging AG)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA 180 Degrees Rotation Utility (HKLM-x32\...\InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}) (Version: 1.2.0.0 - TOSHIBA Corporation)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.18 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.08.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
Toshiba TEMPRO (HKLM-x32\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.34.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.6 - TOSHIBA Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3259377877-260377006-1008623290-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
07-06-2015 00:00:03 Geplanter Prüfpunkt
07-06-2015 16:48:53 Removed Microsoft Silverlight
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C69C58-453E-40D5-9EF6-2782749CF27F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {1C278268-BEF2-4708-8528-1EACB1E0EB64} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2D71D649-7944-4967-967C-BB8D6683B6D6} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe [2013-05-21] ()
Task: {34A0019D-AE19-4FA4-B54D-21C5B04ADED5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {3AF5687F-A810-44C9-B7F7-531BAF7B24B2} - System32\Tasks\{1E2AD41C-7CC2-496A-9DC3-325B7315B09D} => pcalua.exe -a "C:\Users\Anja\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI\cleanapi.exe" -d C:\Users\ANJAU~1.DID\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI -c -d -s
Task: {3CD02DFE-38CF-4A32-9EDB-A0CAA5854987} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {3DC2C55D-D9E6-4F0D-AE6E-5A5F908EF446} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-19] () <==== ATTENTION
Task: {5519E408-4BC1-4F19-9753-760D95DCA78F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6581B606-B47E-4ECB-8B9C-644F2AB9716E} - System32\Tasks\{37EF21AC-8CA0-480B-8404-ED4CB8A510DA} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"
Task: {6D2E9157-AF5E-4C0E-B408-4B1B18223778} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6E16B30E-60B6-4BFA-AB0D-C3143883AF8D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8B1FF42A-7ADD-4D20-9E9B-AA5601EB1D81} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-10] (Microsoft Corporation)
Task: {93D8DD0E-9319-4793-90A9-6FA8B07E009C} - System32\Tasks\McDefragTask => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
Task: {97606AE2-BC33-4ADC-8E1C-D1639528300B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9DE417C0-6ABA-4FFE-8C9B-7218AA918058} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-20] () <==== ATTENTION
Task: {A282EC6E-2507-4E17-B6B1-71A95C1E9002} - System32\Tasks\McQcTask => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
Task: {AE2CBCF4-E23D-4EFC-83DA-03BA2F9A5F45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C0DFA583-0574-43C7-9D59-20F63E4E7E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {D63A96C6-57B0-4AA1-86FC-DA74EB0CC625} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {D784CF2C-3EA9-4908-A8C9-7D984E204FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F7FFA04E-FCCE-4650-A6CF-B27ACE3585CB} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {FD00615D-72CC-4B13-A939-8AA4C39CE374} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\McDefragTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe C:\Windows\system32\defrag.exe
Task: C:\windows\Tasks\McQcTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
==================== Loaded Modules (Whitelisted) ==============
2010-11-12 20:39 - 2010-06-17 22:56 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2011-06-13 10:45 - 2010-11-21 11:49 - 00247608 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2009-09-28 14:46 - 2009-09-28 14:46 - 00559480 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-10-18 15:20 - 2009-10-18 15:20 - 07959864 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-08 02:55 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-11-02 13:11 - 2009-11-02 13:11 - 00359344 _____ () C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
2009-09-28 14:46 - 2009-09-28 14:46 - 00559480 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2009-11-30 11:06 - 2009-11-30 11:06 - 03241320 _____ () C:\Program Files\Toshiba\BulletinBoard\TosNcUi.dll
2009-11-05 09:18 - 2009-11-05 09:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-11-02 13:11 - 2009-11-02 13:11 - 00359344 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-05-21 23:58 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-03-15 19:52 - 2011-03-15 19:52 - 00115200 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-06-06 07:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-06 07:29 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-06 07:29 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-06 07:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-06 07:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-11-02 13:11 - 2009-11-02 13:11 - 00244144 _____ () C:\Program Files\TOSHIBA\TFPU\x86\TFPUCommon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MpfService => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\startupreg: mcagent_exe => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{60DCFB43-103E-48F0-9DF7-CDFA7E8262EB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12AA2A89-389A-4C32-931D-93FF28D1A7E2}] => (Allow) svchost.exe
FirewallRules: [{454AD24D-86EF-4C3A-B5E4-E497A5BA0288}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E6926288-2330-4F25-978C-1C83782B2D79}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{D410C6E9-2708-4370-8BFA-F73D45126040}] => (Allow) D:\fsetup.exe
FirewallRules: [{F868959F-FADF-4744-89A1-DF61E36CB8A9}] => (Allow) D:\fsetup.exe
FirewallRules: [{F65B6CE6-12D6-4595-BEA7-0012BD42A2D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B12401D9-793A-4276-952A-07378F91B686}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{199D193C-F1FA-4B78-9BA9-C61C14A1FCFD}] => (Allow) LPort=5353
FirewallRules: [{181404C0-4C3B-4D41-AB44-4E8A634C374C}] => (Allow) LPort=9322
FirewallRules: [{F9B66BC1-965B-4C59-8BE6-749E8DFADEF7}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{B27A1701-A93F-4562-BC82-B7A939AB6845}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{0CCBBCF5-D5F9-4AC2-9199-1F15D6F62735}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{3BAE1B27-1D75-4AEE-A8D6-58B3EE94313B}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{C5C6E66E-158E-4ACE-8CC1-52BFEF142CF0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{943C960B-D261-4AE9-89AE-353B0DC571B9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{FD8EBDD3-8946-4556-87C6-0EFAC17A2D67}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{6B9CCAC6-66F8-4BBE-8E06-779C030A4C68}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{3A52A819-FFC1-4686-B425-277133D3C004}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{CDC89F5F-578C-4E58-9C83-F3D81DAC0134}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{72D888EC-581C-499B-BA77-C6483F454F05}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{BD7B7628-9EC3-47C6-9964-84089D15F740}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{4C6C5EF9-B1A8-4D81-8CC6-C36B04526AB1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{CF3EA7D8-F267-4D3A-B3E6-41CAAE4B297A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{2F8C85DB-CBD7-4ECE-8B54-F5F932BA4DB1}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{A7C93D00-5823-4E49-82CC-6799DA0CDB09}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{82FD96F9-1816-4BB5-B8AA-2715134EE358}] => (Allow) LPort=9322
FirewallRules: [{F041FAF4-0268-498D-A570-7F3E137A204D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{75C150DB-AD47-4127-A2DF-6D5159230EFD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{52DF3E70-8D20-450B-BFDA-2AF07561E39F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{22D81910-D488-4BA2-BB0A-09BBBBAAA0DF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{3257500D-E4A5-4949-AC54-2C4C6346D862}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{4B9614FC-EE3F-4CD0-8F64-1CB01BFA30BC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{A8D26193-FDCE-42F5-BF44-7FD6B65CA780}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{69A011AB-5170-4EDB-92AF-B6965B6BAD71}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{AE8A2419-AB78-49E9-AB53-51C486F75178}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{67882230-AB10-4FD5-9BB6-4FF5E584AA49}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{1A8EDE96-B628-41AE-BB63-09DFF8BEC0CF}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{DFEA5F71-8B4D-4F68-A025-110D44CA2321}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{B7DCE385-6BA7-45F3-9ECB-3703E62CA06B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{FA98F70A-0AEC-479F-B41A-107383344239}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{6C3B39F3-8BB2-452A-8B96-C56A315D573C}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{D8E74DDC-D9B4-4FDD-9AEE-4142DF38B326}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{951003A6-3631-40A4-B6B0-C3407E6152DE}] => (Allow) C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5BD08CE4-212D-4CF6-9410-073330ABA458}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{035D26BB-98BF-4841-9738-6687ADCEA64D}] => (Allow) LPort=2869
FirewallRules: [{FC7FCED4-019A-466D-89B8-0B2C74D77FCE}] => (Allow) LPort=1900
FirewallRules: [{E3899F7D-29C7-4769-8086-299D47FCE1F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/07/2015 04:50:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18532, Zeitstempel: 0x53c339ee
Ausnahmecode: 0xc0020043
Fehleroffset: 0x000000000008a663
ID des fehlerhaften Prozesses: 0xd64
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (06/07/2015 01:50:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Error: (06/07/2015 01:50:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Error: (06/07/2015 01:50:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Error: (05/31/2015 07:44:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17801 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d08
Startzeit: 01d09bc738c62467
Endzeit: 50
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (05/31/2015 07:28:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17801 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1aa8
Startzeit: 01d09ba72cc06f94
Endzeit: 30
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (05/28/2015 09:03:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17801 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ae0
Startzeit: 01d09973a22ebfe2
Endzeit: 73
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (05/12/2015 08:52:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: ToshibaNBAnja)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/03/2015 06:07:38 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (04/25/2015 04:18:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 18c8
Startzeit: 01d07f60ec34f453
Endzeit: 578
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
System errors:
=============
Error: (06/07/2015 08:18:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 08:12:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 08:12:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 07:49:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 07:49:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 07:49:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 07:46:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 07:46:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 05:11:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/07/2015 02:00:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Microsoft Office:
=========================
Error: (06/07/2015 04:50:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4RPCRT4.dll6.1.7601.1853253c339eec0020043000000000008a663d6401d0a014af966351C:\windows\Explorer.EXEC:\windows\system32\RPCRT4.dll9831994b-0d24-11e5-bfe4-002318afb680
Error: (06/07/2015 01:50:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Anja\Downloads\Viren und Malware\ESET\esetsmartinstaller_deu.exe
Error: (06/07/2015 01:50:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Anja\Downloads\Viren und Malware\ESET\esetsmartinstaller_deu.exe
Error: (06/07/2015 01:50:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Anja\Downloads\Viren und Malware\ESET\esetsmartinstaller_deu.exe
Error: (05/31/2015 07:44:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17801d0801d09bc738c6246750C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/31/2015 07:28:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178011aa801d09ba72cc06f9430C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/28/2015 09:03:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17801ae001d09973a22ebfe273C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/12/2015 08:52:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: ToshibaNBAnja)
Description: Adobe Reader XI (11.0.10) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/03/2015 06:07:38 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (04/25/2015 04:18:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1772818c801d07f60ec34f453578C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
CodeIntegrity Errors:
===================================
Date: 2015-02-16 20:57:19.442
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-16 20:57:19.379
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-13 16:26:39.210
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-13 16:26:39.194
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-13 16:23:45.909
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-13 16:23:45.893
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-13 21:06:31.279
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-13 21:06:31.279
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-13 21:06:31.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-13 21:06:31.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 3824.43 MB
Available physical RAM: 1397.41 MB
Total Pagefile: 7647.06 MB
Available Pagefile: 4425.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (TI30570000A) (Fixed) (Total:289.6 GB) (Free:25.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (KINGSTON) (Removable) (Total:1.9 GB) (Free:1.89 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5D4EDC6E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=289.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
==================== End of log ============================
und schließlich GMER Code:
ATTFilter GMER Logfile: Besten Gruß speedy didi |
|
09.06.2015, 10:09
| #4 |
| /// the machine /// TB-Ausbilder | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.06.2015, 07:49
| #5 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo schrauber, das mbar-Log folgt gleich mit gesondertem Posting - auch wenn ich mbar früher habe laufen lassen... hier das TDSS Killer-Log: Code:
ATTFilter 08:33:06.0491 0x0ddc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:33:14.0509 0x0ddc ============================================================
08:33:14.0509 0x0ddc Current date / time: 2015/06/10 08:33:14.0509
08:33:14.0509 0x0ddc SystemInfo:
08:33:14.0509 0x0ddc
08:33:14.0509 0x0ddc OS Version: 6.1.7601 ServicePack: 1.0
08:33:14.0509 0x0ddc Product type: Workstation
08:33:14.0509 0x0ddc ComputerName: TOSHIBANBJACOBS
08:33:14.0509 0x0ddc UserName: Admin
08:33:14.0509 0x0ddc Windows directory: C:\windows
08:33:14.0509 0x0ddc System windows directory: C:\windows
08:33:14.0509 0x0ddc Running under WOW64
08:33:14.0509 0x0ddc Processor architecture: Intel x64
08:33:14.0509 0x0ddc Number of processors: 4
08:33:14.0509 0x0ddc Page size: 0x1000
08:33:14.0509 0x0ddc Boot type: Normal boot
08:33:14.0509 0x0ddc ============================================================
08:33:14.0962 0x0ddc KLMD registered as C:\windows\system32\drivers\72705452.sys
08:33:15.0898 0x0ddc System UUID: {B8064895-AD45-887E-62EC-12B12B9A016E}
08:33:16.0802 0x0ddc Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:33:16.0802 0x0ddc ============================================================
08:33:16.0802 0x0ddc \Device\Harddisk0\DR0:
08:33:16.0802 0x0ddc MBR partitions:
08:33:16.0802 0x0ddc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x24333000
08:33:16.0802 0x0ddc ============================================================
08:33:16.0834 0x0ddc C: <-> \Device\Harddisk0\DR0\Partition1
08:33:16.0834 0x0ddc ============================================================
08:33:16.0834 0x0ddc Initialize success
08:33:16.0834 0x0ddc ============================================================
08:34:29.0265 0x219c ============================================================
08:34:29.0265 0x219c Scan started
08:34:29.0265 0x219c Mode: Manual; SigCheck; TDLFS;
08:34:29.0265 0x219c ============================================================
08:34:29.0265 0x219c KSN ping started
08:34:31.0776 0x219c KSN ping finished: true
08:34:33.0180 0x219c ================ Scan system memory ========================
08:34:33.0180 0x219c System memory - ok
08:34:33.0180 0x219c ================ Scan services =============================
08:34:33.0399 0x219c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
08:34:33.0492 0x219c 1394ohci - ok
08:34:33.0555 0x219c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
08:34:33.0601 0x219c ACPI - ok
08:34:33.0648 0x219c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
08:34:33.0757 0x219c AcpiPmi - ok
08:34:33.0867 0x219c [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:34:33.0898 0x219c AdobeARMservice - ok
08:34:34.0038 0x219c [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:34:34.0069 0x219c AdobeFlashPlayerUpdateSvc - ok
08:34:34.0132 0x219c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
08:34:34.0163 0x219c adp94xx - ok
08:34:34.0241 0x219c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
08:34:34.0288 0x219c adpahci - ok
08:34:34.0319 0x219c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
08:34:34.0335 0x219c adpu320 - ok
08:34:34.0397 0x219c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
08:34:34.0475 0x219c AeLookupSvc - ok
08:34:34.0537 0x219c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys
08:34:34.0615 0x219c AFD - ok
08:34:34.0709 0x219c [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
08:34:34.0818 0x219c AgereSoftModem - ok
08:34:34.0896 0x219c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
08:34:34.0912 0x219c agp440 - ok
08:34:34.0959 0x219c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
08:34:35.0037 0x219c ALG - ok
08:34:35.0115 0x219c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
08:34:35.0130 0x219c aliide - ok
08:34:35.0177 0x219c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
08:34:35.0208 0x219c amdide - ok
08:34:35.0239 0x219c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
08:34:35.0317 0x219c AmdK8 - ok
08:34:35.0333 0x219c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
08:34:35.0380 0x219c AmdPPM - ok
08:34:35.0458 0x219c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
08:34:35.0489 0x219c amdsata - ok
08:34:35.0505 0x219c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
08:34:35.0536 0x219c amdsbs - ok
08:34:35.0551 0x219c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
08:34:35.0551 0x219c amdxata - ok
08:34:35.0598 0x219c [ 9FD4E8B6CA36B2593A1E253A41D2DFA3, 579204CBD767EF101C75DBCB5E4E5C81A59DE076DE884078E9DEFE091E0070B4 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
08:34:35.0645 0x219c ApfiltrService - ok
08:34:35.0739 0x219c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\windows\system32\drivers\appid.sys
08:34:35.0817 0x219c AppID - ok
08:34:35.0848 0x219c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\windows\System32\appidsvc.dll
08:34:35.0879 0x219c AppIDSvc - ok
08:34:35.0988 0x219c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
08:34:36.0066 0x219c Appinfo - ok
08:34:36.0129 0x219c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\windows\System32\appmgmts.dll
08:34:36.0191 0x219c AppMgmt - ok
08:34:36.0222 0x219c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\DRIVERS\arc.sys
08:34:36.0238 0x219c arc - ok
08:34:36.0253 0x219c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
08:34:36.0269 0x219c arcsas - ok
08:34:36.0409 0x219c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:34:36.0472 0x219c aspnet_state - ok
08:34:36.0519 0x219c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
08:34:36.0659 0x219c AsyncMac - ok
08:34:36.0690 0x219c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
08:34:36.0706 0x219c atapi - ok
08:34:36.0784 0x219c [ 88A02B6046356E6BE4E387FAA7451439, 6F9ADE0F5278191EE2A46F8517BB7CB5AB3D279D248E39BB6060B8FE3E52DF30 ] athr C:\windows\system32\DRIVERS\athrx.sys
08:34:36.0909 0x219c athr - ok
08:34:37.0065 0x219c [ C1BDD60A80E607A9E4B72131C817CA22, B2FF9D8AABBAEC99C5964E15BAB8ED035FFA772EF812ACB4E4C0DB93DA07BF39 ] ATService C:\Program Files\Fingerprint Sensor\ATService.exe
08:34:37.0143 0x219c ATService - ok
08:34:37.0221 0x219c [ 9DAD5924FED7B98BFCBDED0D697E6294, 185FA90BFA8B9A114403E855952FB8079B3FE34313E318D7439A4497A218D9E8 ] ATSwpWDF C:\windows\system32\Drivers\ATSwpWDF.sys
08:34:37.0267 0x219c ATSwpWDF - ok
08:34:37.0345 0x219c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
08:34:37.0408 0x219c AudioEndpointBuilder - ok
08:34:37.0439 0x219c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\windows\System32\Audiosrv.dll
08:34:37.0455 0x219c AudioSrv - ok
08:34:37.0579 0x219c AVP - ok
08:34:37.0642 0x219c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
08:34:37.0767 0x219c AxInstSV - ok
08:34:37.0845 0x219c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
08:34:37.0923 0x219c b06bdrv - ok
08:34:37.0954 0x219c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
08:34:38.0016 0x219c b57nd60a - ok
08:34:38.0094 0x219c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
08:34:38.0172 0x219c BDESVC - ok
08:34:38.0203 0x219c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
08:34:38.0281 0x219c Beep - ok
08:34:38.0422 0x219c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
08:34:38.0515 0x219c BFE - ok
08:34:38.0609 0x219c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
08:34:38.0812 0x219c BITS - ok
08:34:38.0859 0x219c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
08:34:38.0890 0x219c blbdrive - ok
08:34:38.0937 0x219c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
08:34:38.0999 0x219c bowser - ok
08:34:39.0015 0x219c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
08:34:39.0124 0x219c BrFiltLo - ok
08:34:39.0155 0x219c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
08:34:39.0202 0x219c BrFiltUp - ok
08:34:39.0280 0x219c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
08:34:39.0358 0x219c Browser - ok
08:34:39.0405 0x219c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
08:34:39.0467 0x219c Brserid - ok
08:34:39.0498 0x219c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
08:34:39.0529 0x219c BrSerWdm - ok
08:34:39.0545 0x219c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
08:34:39.0592 0x219c BrUsbMdm - ok
08:34:39.0623 0x219c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
08:34:39.0685 0x219c BrUsbSer - ok
08:34:39.0717 0x219c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
08:34:39.0763 0x219c BTHMODEM - ok
08:34:39.0826 0x219c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
08:34:39.0919 0x219c bthserv - ok
08:34:39.0951 0x219c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
08:34:40.0029 0x219c cdfs - ok
08:34:40.0122 0x219c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\drivers\cdrom.sys
08:34:40.0169 0x219c cdrom - ok
08:34:40.0263 0x219c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
08:34:40.0356 0x219c CertPropSvc - ok
08:34:40.0450 0x219c [ ADBDC69A0C25361870A1AC009D29F960, 3A4042DC5DB2A0A1AC4A94D6894E556F15E747AA11C25DEF1A8C2CDC5FF7A5EA ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
08:34:40.0481 0x219c cfWiMAXService - ok
08:34:40.0528 0x219c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\DRIVERS\circlass.sys
08:34:40.0559 0x219c circlass - ok
08:34:40.0668 0x219c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\windows\system32\CLFS.sys
08:34:40.0715 0x219c CLFS - ok
08:34:40.0793 0x219c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:34:40.0809 0x219c clr_optimization_v2.0.50727_32 - ok
08:34:40.0902 0x219c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:34:40.0918 0x219c clr_optimization_v2.0.50727_64 - ok
08:34:41.0043 0x219c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:34:41.0058 0x219c clr_optimization_v4.0.30319_32 - ok
08:34:41.0074 0x219c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:34:41.0152 0x219c clr_optimization_v4.0.30319_64 - ok
08:34:41.0199 0x219c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
08:34:41.0245 0x219c CmBatt - ok
08:34:41.0292 0x219c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
08:34:41.0292 0x219c cmdide - ok
08:34:41.0386 0x219c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\windows\system32\Drivers\cng.sys
08:34:41.0433 0x219c CNG - ok
08:34:41.0464 0x219c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
08:34:41.0479 0x219c Compbatt - ok
08:34:41.0542 0x219c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
08:34:41.0589 0x219c CompositeBus - ok
08:34:41.0635 0x219c COMSysApp - ok
08:34:41.0682 0x219c [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
08:34:41.0698 0x219c ConfigFree Service - ok
08:34:41.0729 0x219c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
08:34:41.0745 0x219c crcdisk - ok
08:34:41.0869 0x219c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\windows\system32\cryptsvc.dll
08:34:41.0947 0x219c CryptSvc - ok
08:34:42.0025 0x219c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\windows\system32\drivers\csc.sys
08:34:42.0119 0x219c CSC - ok
08:34:42.0213 0x219c [ 04199CA5C4A6F6E935906A74EAFCA8E7, F02E807E04DA16117E9E4D183186DF9425E9E1AD7CBC34AEED63A38F7D1E75E6 ] CSCrySec C:\windows\system32\DRIVERS\CSCrySec.sys
08:34:42.0228 0x219c CSCrySec - ok
08:34:42.0337 0x219c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\windows\System32\cscsvc.dll
08:34:42.0415 0x219c CscService - ok
08:34:42.0603 0x219c [ 0B7E221689F370C87F640C6D2EED7D3F, 2EBA565DAC2DC7182C43174BAAA373610C7083B57279CAD5EA5765E25EA27BCF ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
08:34:42.0634 0x219c CSObjectsSrv - ok
08:34:42.0759 0x219c [ 7D7F90460F1309B5205BF8CDFAD63E42, 885B9EA530E7B6D51DC24A5009F37A2D4CCACAFCA0A7CB693F4320E110AFFA4F ] CSVirtualDiskDrv C:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys
08:34:42.0774 0x219c CSVirtualDiskDrv - ok
08:34:42.0852 0x219c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
08:34:42.0961 0x219c DcomLaunch - ok
08:34:43.0008 0x219c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
08:34:43.0071 0x219c defragsvc - ok
08:34:43.0149 0x219c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
08:34:43.0227 0x219c DfsC - ok
08:34:43.0336 0x219c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
08:34:43.0429 0x219c Dhcp - ok
08:34:43.0570 0x219c [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\windows\system32\diagtrack.dll
08:34:43.0710 0x219c DiagTrack - ok
08:34:43.0741 0x219c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
08:34:43.0835 0x219c discache - ok
08:34:43.0882 0x219c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\DRIVERS\disk.sys
08:34:43.0897 0x219c Disk - ok
08:34:43.0929 0x219c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
08:34:44.0007 0x219c Dnscache - ok
08:34:44.0069 0x219c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
08:34:44.0147 0x219c dot3svc - ok
08:34:44.0209 0x219c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
08:34:44.0287 0x219c DPS - ok
08:34:44.0381 0x219c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
08:34:44.0443 0x219c drmkaud - ok
08:34:44.0553 0x219c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
08:34:44.0599 0x219c DXGKrnl - ok
08:34:44.0662 0x219c [ 477E33019A855D9B8E7B3263CB9A1AE5, F28840936D992C99238AFECBBF03B75047DEDF0EC682C1444036931E4036AFBB ] e1kexpress C:\windows\system32\DRIVERS\e1k62x64.sys
08:34:44.0693 0x219c e1kexpress - ok
08:34:44.0740 0x219c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
08:34:44.0818 0x219c EapHost - ok
08:34:44.0989 0x219c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
08:34:45.0192 0x219c ebdrv - ok
08:34:45.0255 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\windows\System32\lsass.exe
08:34:45.0333 0x219c EFS - ok
08:34:45.0395 0x219c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
08:34:45.0504 0x219c ehRecvr - ok
08:34:45.0535 0x219c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
08:34:45.0613 0x219c ehSched - ok
08:34:45.0691 0x219c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
08:34:45.0738 0x219c elxstor - ok
08:34:45.0785 0x219c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
08:34:45.0832 0x219c ErrDev - ok
08:34:45.0910 0x219c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
08:34:45.0972 0x219c EventSystem - ok
08:34:45.0988 0x219c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
08:34:46.0050 0x219c exfat - ok
08:34:46.0081 0x219c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
08:34:46.0206 0x219c fastfat - ok
08:34:46.0315 0x219c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
08:34:46.0440 0x219c Fax - ok
08:34:46.0456 0x219c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys
08:34:46.0518 0x219c fdc - ok
08:34:46.0565 0x219c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
08:34:46.0659 0x219c fdPHost - ok
08:34:46.0690 0x219c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
08:34:46.0752 0x219c FDResPub - ok
08:34:46.0799 0x219c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
08:34:46.0830 0x219c FileInfo - ok
08:34:46.0846 0x219c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
08:34:46.0893 0x219c Filetrace - ok
08:34:46.0908 0x219c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
08:34:46.0955 0x219c flpydisk - ok
08:34:47.0033 0x219c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
08:34:47.0064 0x219c FltMgr - ok
08:34:47.0173 0x219c [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\windows\system32\FntCache.dll
08:34:47.0283 0x219c FontCache - ok
08:34:47.0361 0x219c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:34:47.0376 0x219c FontCache3.0.0.0 - ok
08:34:47.0407 0x219c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
08:34:47.0423 0x219c FsDepends - ok
08:34:47.0501 0x219c [ B3EB502D2C3F47C47415F85387DFAEF1, 5240D4281BB9FBFBFEB98522D12F0C006BE063C084C2E6E23DACB6606CDC25AE ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
08:34:47.0532 0x219c fssfltr - ok
08:34:47.0719 0x219c [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:34:47.0782 0x219c fsssvc - ok
08:34:47.0907 0x219c [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk C:\windows\SysWOW64\FsUsbExDisk.SYS
08:34:47.0953 0x219c FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
08:34:50.0418 0x219c Detect skipped due to KSN trusted
08:34:50.0418 0x219c FsUsbExDisk - ok
08:34:50.0496 0x219c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
08:34:50.0512 0x219c Fs_Rec - ok
08:34:50.0559 0x219c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
08:34:50.0574 0x219c fvevol - ok
08:34:50.0621 0x219c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
08:34:50.0621 0x219c gagp30kx - ok
08:34:50.0715 0x219c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
08:34:50.0793 0x219c gpsvc - ok
08:34:50.0949 0x219c [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:50.0964 0x219c gupdate - ok
08:34:50.0995 0x219c [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:51.0011 0x219c gupdatem - ok
08:34:51.0042 0x219c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
08:34:51.0120 0x219c hcw85cir - ok
08:34:51.0245 0x219c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
08:34:51.0339 0x219c HdAudAddService - ok
08:34:51.0385 0x219c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
08:34:51.0432 0x219c HDAudBus - ok
08:34:51.0479 0x219c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
08:34:51.0495 0x219c HECIx64 - ok
08:34:51.0526 0x219c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
08:34:51.0573 0x219c HidBatt - ok
08:34:51.0604 0x219c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
08:34:51.0682 0x219c HidBth - ok
08:34:51.0713 0x219c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys
08:34:51.0775 0x219c HidIr - ok
08:34:51.0822 0x219c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
08:34:51.0916 0x219c hidserv - ok
08:34:51.0947 0x219c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
08:34:52.0009 0x219c HidUsb - ok
08:34:52.0087 0x219c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
08:34:52.0181 0x219c hkmsvc - ok
08:34:52.0259 0x219c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
08:34:52.0337 0x219c HomeGroupListener - ok
08:34:52.0399 0x219c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
08:34:52.0462 0x219c HomeGroupProvider - ok
08:34:52.0540 0x219c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
08:34:52.0571 0x219c HpSAMD - ok
08:34:52.0680 0x219c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\windows\system32\drivers\HTTP.sys
08:34:52.0774 0x219c HTTP - ok
08:34:52.0836 0x219c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
08:34:52.0867 0x219c hwpolicy - ok
08:34:52.0914 0x219c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\drivers\i8042prt.sys
08:34:52.0945 0x219c i8042prt - ok
08:34:52.0992 0x219c [ 631FA8935163B01FC0C02966CB3ADB92, F6BDA41EB4AB0A7215A4ABC88461AF174E1439AC37D7663D43D43ABB68F70E2F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
08:34:53.0023 0x219c iaStor - ok
08:34:53.0101 0x219c [ 7493EA4DE41348F7D3EDBF9DB298F56A, D40BE4E8D90B5F6EF0B16F3B9E9F63273FE558492A560CB291C7DE2864794CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:34:53.0117 0x219c IAStorDataMgrSvc - ok
08:34:53.0211 0x219c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
08:34:53.0257 0x219c iaStorV - ok
08:34:53.0351 0x219c [ 7A95A3AD931B97FEC5067E40636CE37F, CFE275D54C267DE3827B27DC292BD8D0429E2E3DC0BE5F1C23B86F26F47D123E ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
08:34:53.0382 0x219c ICQ Service - ok
08:34:53.0491 0x219c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:34:53.0554 0x219c idsvc - ok
08:34:53.0569 0x219c IEEtwCollectorService - ok
08:34:54.0053 0x219c [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
08:34:54.0521 0x219c igfx - ok
08:34:54.0568 0x219c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
08:34:54.0583 0x219c iirsp - ok
08:34:54.0677 0x219c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
08:34:54.0739 0x219c IKEEXT - ok
08:34:54.0817 0x219c [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
08:34:54.0911 0x219c Impcd - ok
08:34:55.0036 0x219c [ AAB8CD9CF65DAADFDFCECE067650AF13, E702C84DDF69AEAAED59470FE36AE13040F494F725110820DD2F23741B5627A8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
08:34:55.0098 0x219c IntcAzAudAddService - ok
08:34:55.0145 0x219c [ 408B401CD7CDB075C7470B0FF7BA8D0B, A3BC4ED47094D6A78732012D9020E0C31583E6132E3C0FD1FD64C80AFCC4738F ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
08:34:55.0223 0x219c IntcDAud - ok
08:34:55.0270 0x219c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
08:34:55.0285 0x219c intelide - ok
08:34:55.0332 0x219c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
08:34:55.0379 0x219c intelppm - ok
08:34:55.0441 0x219c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
08:34:55.0535 0x219c IPBusEnum - ok
08:34:55.0613 0x219c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
08:34:55.0707 0x219c IpFilterDriver - ok
08:34:55.0800 0x219c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
08:34:55.0909 0x219c iphlpsvc - ok
08:34:55.0972 0x219c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
08:34:56.0019 0x219c IPMIDRV - ok
08:34:56.0050 0x219c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
08:34:56.0112 0x219c IPNAT - ok
08:34:56.0159 0x219c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
08:34:56.0299 0x219c IRENUM - ok
08:34:56.0362 0x219c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
08:34:56.0377 0x219c isapnp - ok
08:34:56.0440 0x219c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
08:34:56.0455 0x219c iScsiPrt - ok
08:34:56.0487 0x219c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
08:34:56.0502 0x219c kbdclass - ok
08:34:56.0565 0x219c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
08:34:56.0643 0x219c kbdhid - ok
08:34:56.0689 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\windows\system32\lsass.exe
08:34:56.0705 0x219c KeyIso - ok
08:34:56.0814 0x219c [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1 C:\windows\system32\DRIVERS\kl1.sys
08:34:56.0845 0x219c kl1 - ok
08:34:56.0892 0x219c [ 70D959CB6DC1F2AC6AFF3AC20891939D, 22EECAD6C8DD9C2691D707950FFCD5DBA929942450B7E2E69F5DDE9DD4E7DBFE ] KLIF C:\windows\system32\DRIVERS\klif.sys
08:34:56.0923 0x219c KLIF - ok
08:34:57.0001 0x219c [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6 C:\windows\system32\DRIVERS\klim6.sys
08:34:57.0017 0x219c KLIM6 - ok
08:34:57.0111 0x219c [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt C:\windows\system32\DRIVERS\klkbdflt.sys
08:34:57.0126 0x219c klkbdflt - ok
08:34:57.0189 0x219c [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\windows\system32\DRIVERS\klmouflt.sys
08:34:57.0204 0x219c klmouflt - ok
08:34:57.0313 0x219c [ 45ECF097BC6330C2054D7D43B7AD822B, 41684ED54E75FE6BEEA322E7CE888DFDD53EE1F45016E01CE10B84ABB02CBDA8 ] kltdi C:\windows\system32\DRIVERS\kltdi.sys
08:34:57.0329 0x219c kltdi - ok
08:34:57.0376 0x219c [ 0E71FAED99892750DFE1C5237A6F8FE6, 786FEEEF637BC89FDED3DDEA2563144C7128E7C9582261B23F16B98D69149088 ] kneps C:\windows\system32\DRIVERS\kneps.sys
08:34:57.0407 0x219c kneps - ok
08:34:57.0579 0x219c [ 775C6D5D60146D7DB08A01CB596D7EC6, 66D87041DD8E0CF8AFBC155AC709E9A647B765BBA56CDE07EA01468BDAD7C239 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
08:34:57.0641 0x219c Kodak AiO Network Discovery Service - ok
08:34:57.0797 0x219c [ 17AFF68AB32F8671BC46612D35351099, C782460B99EAAE84DDBEF5AEB628984984B4108A482F023CE62CE1D33A367FEB ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
08:34:57.0859 0x219c Kodak AiO Status Monitor Service - ok
08:34:57.0906 0x219c [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
08:34:57.0922 0x219c KSecDD - ok
08:34:57.0984 0x219c [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
08:34:58.0015 0x219c KSecPkg - ok
08:34:58.0047 0x219c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
08:34:58.0125 0x219c ksthunk - ok
08:34:58.0171 0x219c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
08:34:58.0265 0x219c KtmRm - ok
08:34:58.0327 0x219c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
08:34:58.0452 0x219c LanmanServer - ok
08:34:58.0483 0x219c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
08:34:58.0546 0x219c LanmanWorkstation - ok
08:34:58.0593 0x219c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
08:34:58.0686 0x219c lltdio - ok
08:34:58.0733 0x219c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
08:34:58.0811 0x219c lltdsvc - ok
08:34:58.0842 0x219c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
08:34:58.0920 0x219c lmhosts - ok
08:34:59.0014 0x219c [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:34:59.0061 0x219c LMS - detected UnsignedFile.Multi.Generic ( 1 )
08:35:03.0273 0x219c Detect skipped due to KSN trusted
08:35:03.0273 0x219c LMS - ok
08:35:03.0319 0x219c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
08:35:03.0335 0x219c LSI_FC - ok
08:35:03.0382 0x219c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
08:35:03.0382 0x219c LSI_SAS - ok
08:35:03.0413 0x219c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
08:35:03.0429 0x219c LSI_SAS2 - ok
08:35:03.0429 0x219c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
08:35:03.0444 0x219c LSI_SCSI - ok
08:35:03.0460 0x219c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
08:35:03.0522 0x219c luafv - ok
08:35:03.0616 0x219c [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus C:\windows\system32\DRIVERS\MarvinBus64.sys
08:35:03.0663 0x219c MarvinBus - detected UnsignedFile.Multi.Generic ( 1 )
08:35:06.0205 0x219c Detect skipped due to KSN trusted
08:35:06.0205 0x219c MarvinBus - ok
08:35:06.0268 0x219c [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon C:\windows\system32\drivers\mbamchameleon.sys
08:35:06.0299 0x219c mbamchameleon - ok
08:35:06.0299 0x219c mcmscsvc - ok
08:35:06.0330 0x219c McNASvc - ok
08:35:06.0330 0x219c McProxy - ok
08:35:06.0393 0x219c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
08:35:06.0439 0x219c Mcx2Svc - ok
08:35:06.0486 0x219c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys
08:35:06.0517 0x219c megasas - ok
08:35:06.0533 0x219c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
08:35:06.0564 0x219c MegaSR - ok
08:35:06.0627 0x219c Microsoft SharePoint Workspace Audit Service - ok
08:35:06.0689 0x219c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
08:35:06.0783 0x219c MMCSS - ok
08:35:06.0814 0x219c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
08:35:06.0861 0x219c Modem - ok
08:35:06.0861 0x219c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
08:35:06.0907 0x219c monitor - ok
08:35:06.0985 0x219c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
08:35:07.0017 0x219c mouclass - ok
08:35:07.0032 0x219c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
08:35:07.0079 0x219c mouhid - ok
08:35:07.0141 0x219c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\windows\system32\drivers\mountmgr.sys
08:35:07.0173 0x219c mountmgr - ok
08:35:07.0188 0x219c [ AE2E68527013EB4F761ECCC630F7F1A3, 1BD4453FB2310306E296EB56AA31262260426EB7CB3F0793038B07DF175741AF ] MPFP C:\windows\system32\Drivers\Mpfp.sys
08:35:07.0204 0x219c MPFP - ok
08:35:07.0219 0x219c MpfService - ok
08:35:07.0282 0x219c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
08:35:07.0297 0x219c mpio - ok
08:35:07.0344 0x219c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
08:35:07.0375 0x219c mpsdrv - ok
08:35:07.0469 0x219c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
08:35:07.0563 0x219c MpsSvc - ok
08:35:07.0609 0x219c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
08:35:07.0625 0x219c MRxDAV - ok
08:35:07.0687 0x219c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
08:35:07.0828 0x219c mrxsmb - ok
08:35:07.0890 0x219c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
08:35:07.0953 0x219c mrxsmb10 - ok
08:35:07.0984 0x219c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
08:35:08.0046 0x219c mrxsmb20 - ok
08:35:08.0077 0x219c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
08:35:08.0093 0x219c msahci - ok
08:35:08.0140 0x219c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
08:35:08.0171 0x219c msdsm - ok
08:35:08.0202 0x219c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
08:35:08.0218 0x219c MSDTC - ok
08:35:08.0249 0x219c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
08:35:08.0311 0x219c Msfs - ok
08:35:08.0343 0x219c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
08:35:08.0421 0x219c mshidkmdf - ok
08:35:08.0467 0x219c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
08:35:08.0483 0x219c msisadrv - ok
08:35:08.0530 0x219c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
08:35:08.0608 0x219c MSiSCSI - ok
08:35:08.0608 0x219c msiserver - ok
08:35:08.0639 0x219c MSK80Service - ok
08:35:08.0655 0x219c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
08:35:08.0717 0x219c MSKSSRV - ok
08:35:08.0748 0x219c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
08:35:08.0779 0x219c MSPCLOCK - ok
08:35:08.0795 0x219c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
08:35:08.0857 0x219c MSPQM - ok
08:35:08.0920 0x219c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
08:35:08.0967 0x219c MsRPC - ok
08:35:09.0013 0x219c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
08:35:09.0029 0x219c mssmbios - ok
08:35:09.0045 0x219c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
08:35:09.0091 0x219c MSTEE - ok
08:35:09.0138 0x219c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
08:35:09.0185 0x219c MTConfig - ok
08:35:09.0216 0x219c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
08:35:09.0232 0x219c Mup - ok
08:35:09.0310 0x219c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
08:35:09.0435 0x219c napagent - ok
08:35:09.0481 0x219c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
08:35:09.0513 0x219c NativeWifiP - ok
08:35:09.0622 0x219c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
08:35:09.0669 0x219c NDIS - ok
08:35:09.0684 0x219c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
08:35:09.0715 0x219c NdisCap - ok
08:35:09.0731 0x219c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
08:35:09.0809 0x219c NdisTapi - ok
08:35:09.0856 0x219c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
08:35:09.0887 0x219c Ndisuio - ok
08:35:09.0934 0x219c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
08:35:10.0027 0x219c NdisWan - ok
08:35:10.0105 0x219c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
08:35:10.0183 0x219c NDProxy - ok
08:35:10.0215 0x219c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
08:35:10.0293 0x219c NetBIOS - ok
08:35:10.0355 0x219c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
08:35:10.0433 0x219c NetBT - ok
08:35:10.0464 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon C:\windows\system32\lsass.exe
08:35:10.0480 0x219c Netlogon - ok
08:35:10.0527 0x219c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
08:35:10.0605 0x219c Netman - ok
08:35:10.0714 0x219c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:10.0776 0x219c NetMsmqActivator - ok
08:35:10.0792 0x219c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:10.0807 0x219c NetPipeActivator - ok
08:35:10.0854 0x219c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
08:35:10.0932 0x219c netprofm - ok
08:35:10.0979 0x219c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:11.0010 0x219c NetTcpActivator - ok
08:35:11.0010 0x219c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:11.0026 0x219c NetTcpPortSharing - ok
08:35:11.0073 0x219c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
08:35:11.0088 0x219c nfrd960 - ok
08:35:11.0119 0x219c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\windows\System32\nlasvc.dll
08:35:11.0197 0x219c NlaSvc - ok
08:35:11.0213 0x219c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
08:35:11.0244 0x219c Npfs - ok
08:35:11.0275 0x219c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
08:35:11.0338 0x219c nsi - ok
08:35:11.0369 0x219c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
08:35:11.0416 0x219c nsiproxy - ok
08:35:11.0509 0x219c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
08:35:11.0572 0x219c Ntfs - ok
08:35:11.0587 0x219c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
08:35:11.0665 0x219c Null - ok
08:35:11.0759 0x219c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
08:35:11.0790 0x219c nvraid - ok
08:35:11.0806 0x219c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
08:35:11.0821 0x219c nvstor - ok
08:35:11.0884 0x219c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
08:35:11.0915 0x219c nv_agp - ok
08:35:11.0962 0x219c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
08:35:12.0024 0x219c ohci1394 - ok
08:35:12.0102 0x219c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:35:12.0118 0x219c ose - ok
08:35:12.0305 0x219c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:35:12.0523 0x219c osppsvc - ok
08:35:12.0586 0x219c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
08:35:12.0664 0x219c p2pimsvc - ok
08:35:12.0711 0x219c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
08:35:12.0757 0x219c p2psvc - ok
08:35:12.0820 0x219c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys
08:35:12.0882 0x219c Parport - ok
08:35:12.0945 0x219c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
08:35:12.0976 0x219c partmgr - ok
08:35:13.0038 0x219c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\windows\System32\pcasvc.dll
08:35:13.0116 0x219c PcaSvc - ok
08:35:13.0179 0x219c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
08:35:13.0194 0x219c pci - ok
08:35:13.0257 0x219c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
08:35:13.0272 0x219c pciide - ok
08:35:13.0319 0x219c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
08:35:13.0335 0x219c pcmcia - ok
08:35:13.0350 0x219c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
08:35:13.0366 0x219c pcw - ok
08:35:13.0444 0x219c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\windows\system32\drivers\peauth.sys
08:35:13.0475 0x219c PEAUTH - ok
08:35:13.0553 0x219c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
08:35:13.0662 0x219c PeerDistSvc - ok
08:35:13.0740 0x219c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
08:35:13.0771 0x219c PerfHost - ok
08:35:13.0818 0x219c [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
08:35:13.0818 0x219c PGEffect - ok
08:35:13.0959 0x219c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
08:35:14.0021 0x219c pla - ok
08:35:14.0083 0x219c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
08:35:14.0177 0x219c PlugPlay - ok
08:35:14.0193 0x219c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
08:35:14.0239 0x219c PNRPAutoReg - ok
08:35:14.0271 0x219c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
08:35:14.0302 0x219c PNRPsvc - ok
08:35:14.0380 0x219c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
08:35:14.0458 0x219c PolicyAgent - ok
08:35:14.0505 0x219c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
08:35:14.0567 0x219c Power - ok
08:35:14.0661 0x219c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
08:35:14.0739 0x219c PptpMiniport - ok
08:35:14.0785 0x219c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys
08:35:14.0832 0x219c Processor - ok
08:35:14.0910 0x219c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\windows\system32\profsvc.dll
08:35:14.0988 0x219c ProfSvc - ok
08:35:15.0004 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\windows\system32\lsass.exe
08:35:15.0019 0x219c ProtectedStorage - ok
08:35:15.0082 0x219c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
08:35:15.0160 0x219c Psched - ok
08:35:15.0253 0x219c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
08:35:15.0300 0x219c ql2300 - ok
08:35:15.0331 0x219c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
08:35:15.0347 0x219c ql40xx - ok
08:35:15.0378 0x219c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
08:35:15.0394 0x219c QWAVE - ok
08:35:15.0409 0x219c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
08:35:15.0456 0x219c QWAVEdrv - ok
08:35:15.0487 0x219c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
08:35:15.0550 0x219c RasAcd - ok
08:35:15.0612 0x219c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
08:35:15.0675 0x219c RasAgileVpn - ok
08:35:15.0706 0x219c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
08:35:15.0737 0x219c RasAuto - ok
08:35:15.0815 0x219c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
08:35:15.0909 0x219c Rasl2tp - ok
08:35:16.0002 0x219c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
08:35:16.0111 0x219c RasMan - ok
08:35:16.0158 0x219c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
08:35:16.0221 0x219c RasPppoe - ok
08:35:16.0252 0x219c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
08:35:16.0314 0x219c RasSstp - ok
08:35:16.0361 0x219c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
08:35:16.0423 0x219c rdbss - ok
08:35:16.0439 0x219c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
08:35:16.0470 0x219c rdpbus - ok
08:35:16.0517 0x219c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
08:35:16.0579 0x219c RDPCDD - ok
08:35:16.0626 0x219c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\windows\system32\drivers\rdpdr.sys
08:35:16.0704 0x219c RDPDR - ok
08:35:16.0720 0x219c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
08:35:16.0829 0x219c RDPENCDD - ok
08:35:16.0891 0x219c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
08:35:16.0969 0x219c RDPREFMP - ok
08:35:17.0110 0x219c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
08:35:17.0172 0x219c RdpVideoMiniport - ok
08:35:17.0235 0x219c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys
08:35:17.0266 0x219c RDPWD - ok
08:35:17.0344 0x219c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
08:35:17.0359 0x219c rdyboost - ok
08:35:17.0406 0x219c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
08:35:17.0469 0x219c RemoteAccess - ok
08:35:17.0500 0x219c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
08:35:17.0547 0x219c RemoteRegistry - ok
08:35:17.0578 0x219c [ E20B1907FC72A3664ECE21E3C20FC63D, 7BB9CD6A90BDBF8AD3B22CBB1E29A240C9302EDEE104283DA2D153E9539104E5 ] rimspci C:\windows\system32\DRIVERS\rimspe64.sys
08:35:17.0593 0x219c rimspci - ok
08:35:17.0609 0x219c [ 7DDA2E5CF452DAD24B1BE704225C18EE, 90B18DC32A0687BFF0F615CA75EDCBAA036ABC1043494EBA30802998D156D765 ] risdpcie C:\windows\system32\DRIVERS\risdpe64.sys
08:35:17.0687 0x219c risdpcie - ok
08:35:17.0703 0x219c [ 6A1CD4674505E6791390A1AB71DA1FBE, EC095BFBAA44258975E1538767BB6BFFAA85C63C7F63CB314501F113C8D16208 ] rixdpcie C:\windows\system32\DRIVERS\rixdpe64.sys
08:35:17.0765 0x219c rixdpcie - ok
08:35:17.0796 0x219c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
08:35:17.0843 0x219c RpcEptMapper - ok
08:35:17.0859 0x219c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
08:35:17.0874 0x219c RpcLocator - ok
08:35:17.0952 0x219c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
08:35:18.0015 0x219c RpcSs - ok
08:35:18.0046 0x219c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
08:35:18.0093 0x219c rspndr - ok
08:35:18.0139 0x219c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\windows\system32\drivers\vms3cap.sys
08:35:18.0171 0x219c s3cap - ok
08:35:18.0202 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs C:\windows\system32\lsass.exe
08:35:18.0202 0x219c SamSs - ok
08:35:18.0233 0x219c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
08:35:18.0249 0x219c sbp2port - ok
08:35:18.0280 0x219c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
08:35:18.0342 0x219c SCardSvr - ok
08:35:18.0389 0x219c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
08:35:18.0467 0x219c scfilter - ok
08:35:18.0576 0x219c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
08:35:18.0685 0x219c Schedule - ok
08:35:18.0732 0x219c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
08:35:18.0795 0x219c SCPolicySvc - ok
08:35:18.0857 0x219c [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\windows\system32\drivers\sdbus.sys
08:35:18.0919 0x219c sdbus - ok
08:35:18.0966 0x219c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
08:35:19.0044 0x219c SDRSVC - ok
08:35:19.0200 0x219c [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
08:35:19.0263 0x219c SDScannerService - ok
08:35:19.0403 0x219c [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
08:35:19.0465 0x219c SDUpdateService - ok
08:35:19.0543 0x219c [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
08:35:19.0575 0x219c SDWSCService - ok
08:35:19.0606 0x219c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
08:35:19.0668 0x219c secdrv - ok
08:35:19.0699 0x219c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
08:35:19.0762 0x219c seclogon - ok
08:35:19.0809 0x219c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
08:35:19.0840 0x219c SENS - ok
08:35:19.0855 0x219c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
08:35:19.0887 0x219c SensrSvc - ok
08:35:19.0918 0x219c [ D666EBEC6374B2018CF61EE204C3CF50, 4BA0C0370F0C13AADBAE9724660F13210554B0B84C405494521502C2F6DEF27E ] Ser2pl C:\windows\system32\DRIVERS\ser2pl64.sys
08:35:19.0949 0x219c Ser2pl - ok
08:35:19.0965 0x219c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
08:35:19.0996 0x219c Serenum - ok
08:35:20.0027 0x219c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys
08:35:20.0058 0x219c Serial - ok
08:35:20.0136 0x219c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
08:35:20.0199 0x219c sermouse - ok
08:35:20.0261 0x219c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
08:35:20.0308 0x219c SessionEnv - ok
08:35:20.0370 0x219c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
08:35:20.0401 0x219c sffdisk - ok
08:35:20.0433 0x219c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
08:35:20.0448 0x219c sffp_mmc - ok
08:35:20.0464 0x219c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
08:35:20.0479 0x219c sffp_sd - ok
08:35:20.0495 0x219c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
08:35:20.0542 0x219c sfloppy - ok
08:35:20.0620 0x219c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
08:35:20.0667 0x219c SharedAccess - ok
08:35:20.0745 0x219c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:35:20.0807 0x219c ShellHWDetection - ok
08:35:20.0838 0x219c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
08:35:20.0838 0x219c SiSRaid2 - ok
08:35:20.0854 0x219c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
08:35:20.0869 0x219c SiSRaid4 - ok
08:35:20.0901 0x219c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
08:35:20.0932 0x219c Smb - ok
08:35:20.0979 0x219c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
08:35:21.0010 0x219c SNMPTRAP - ok
08:35:21.0041 0x219c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
08:35:21.0057 0x219c spldr - ok
08:35:21.0135 0x219c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
08:35:21.0228 0x219c Spooler - ok
08:35:21.0400 0x219c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
08:35:21.0618 0x219c sppsvc - ok
08:35:21.0665 0x219c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
08:35:21.0727 0x219c sppuinotify - ok
08:35:21.0790 0x219c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
08:35:21.0837 0x219c srv - ok
08:35:21.0883 0x219c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
08:35:21.0899 0x219c srv2 - ok
08:35:21.0930 0x219c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
08:35:21.0977 0x219c srvnet - ok
08:35:22.0039 0x219c [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
08:35:22.0055 0x219c ssadbus - ok
08:35:22.0133 0x219c [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
08:35:22.0149 0x219c ssadmdfl - ok
08:35:22.0164 0x219c [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
08:35:22.0195 0x219c ssadmdm - ok
08:35:22.0273 0x219c [ DF11D259C10C9D0DFCCBA1093C5DB1BD, A9AEF5D88DDDCE27A4640FE82CED92A4957C42F8E9EEDFC52DC128A66E0B43ED ] sscdbus C:\windows\system32\DRIVERS\sscdbus.sys
08:35:22.0289 0x219c sscdbus - ok
08:35:22.0351 0x219c [ 3EF9386DC95BF2AE60D08367E5E4E785, BC75B656EC8D9497F2A10A5A7B226CB06F1664C044BAF2C10AB0AD884A0E364A ] sscdmdfl C:\windows\system32\DRIVERS\sscdmdfl.sys
08:35:22.0367 0x219c sscdmdfl - ok
08:35:22.0414 0x219c [ 00D2AA893C662A9EB9B779F6CA2B0DFB, D9DF6D5C7006A417F629C89FB94F735F807FB781242B5C7B1D82D08828FA2BA9 ] sscdmdm C:\windows\system32\DRIVERS\sscdmdm.sys
08:35:22.0429 0x219c sscdmdm - ok
08:35:22.0476 0x219c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
08:35:22.0554 0x219c SSDPSRV - ok
08:35:22.0585 0x219c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
08:35:22.0648 0x219c SstpSvc - ok
08:35:22.0695 0x219c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
08:35:22.0710 0x219c stexstor - ok
08:35:22.0804 0x219c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
08:35:22.0866 0x219c stisvc - ok
08:35:22.0897 0x219c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\windows\system32\drivers\vmstorfl.sys
08:35:22.0913 0x219c storflt - ok
08:35:22.0944 0x219c [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\windows\system32\storsvc.dll
08:35:22.0975 0x219c StorSvc - ok
08:35:23.0038 0x219c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\windows\system32\drivers\storvsc.sys
08:35:23.0053 0x219c storvsc - ok
08:35:23.0116 0x219c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys
08:35:23.0131 0x219c swenum - ok
08:35:23.0163 0x219c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
08:35:23.0209 0x219c swprv - ok
08:35:23.0334 0x219c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
08:35:23.0428 0x219c SysMain - ok
08:35:23.0490 0x219c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
08:35:23.0553 0x219c TabletInputService - ok
08:35:23.0599 0x219c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
08:35:23.0677 0x219c TapiSrv - ok
08:35:23.0709 0x219c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
08:35:23.0802 0x219c TBS - ok
08:35:23.0911 0x219c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys
08:35:23.0974 0x219c Tcpip - ok
08:35:24.0036 0x219c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
08:35:24.0083 0x219c TCPIP6 - ok
08:35:24.0145 0x219c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
08:35:24.0192 0x219c tcpipreg - ok
08:35:24.0270 0x219c [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
08:35:24.0286 0x219c tdcmdpst - ok
08:35:24.0301 0x219c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
08:35:24.0333 0x219c TDPIPE - ok
08:35:24.0395 0x219c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
08:35:24.0442 0x219c TDTCP - ok
08:35:24.0520 0x219c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\windows\system32\DRIVERS\tdx.sys
08:35:24.0551 0x219c tdx - ok
08:35:24.0613 0x219c [ 601486B76ABB0CAC959EDC79DF304287, 3F3E2A01DAE21FF3DAE27E8A3FFDA1AAB2ED8C03487FBC9FA7CDF21B28BAE7D3 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
08:35:24.0629 0x219c TemproMonitoringService - ok
08:35:24.0691 0x219c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys
08:35:24.0707 0x219c TermDD - ok
08:35:24.0801 0x219c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\windows\System32\termsrv.dll
08:35:24.0847 0x219c TermService - ok
08:35:24.0863 0x219c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
08:35:24.0925 0x219c Themes - ok
08:35:24.0972 0x219c [ C013F6ACAA9761F571BD28DADA7C157D, E57246132B36FE38D4B177AAE3367D25AF28449201CD4D02CB7957C32AF02AC6 ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
08:35:24.0988 0x219c Thpdrv - ok
08:35:25.0035 0x219c [ B4E609047434ED948AF7BDEF2FA66E38, 353B7A120E532E9CDF0DE91EC39DF5B9B92A1A99B537FF4FB0D1EA13DBE30D17 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
08:35:25.0050 0x219c Thpevm - ok
08:35:25.0097 0x219c [ F6927BBA3B09AFF26A53A9191F7378F9, ECB6FD262882E9E2714DC61A634045B4C4906BF159A42ECB5D3166BD42EC65D1 ] Thpsrv C:\windows\system32\ThpSrv.exe
08:35:25.0128 0x219c Thpsrv - ok
08:35:25.0159 0x219c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
08:35:25.0191 0x219c THREADORDER - ok
08:35:25.0237 0x219c [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
08:35:25.0253 0x219c TMachInfo - ok
08:35:25.0284 0x219c [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\windows\system32\TODDSrv.exe
08:35:25.0300 0x219c TODDSrv - ok
08:35:25.0393 0x219c [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
08:35:25.0425 0x219c TosCoSrv - ok
08:35:25.0456 0x219c [ B578F7E7914E7D9EB161032A613DE3BD, 93D5F6F8896C2380A630C876A545B8E726A74B82D787B7CD6979A36D71C5E80D ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
08:35:25.0487 0x219c TOSHIBA Bluetooth Service - ok
08:35:25.0549 0x219c [ 6938CBD31B47092B042420A5FD2E9AAE, EE22EC33BFB9DA4143A0286F2BE8CF0B1D44D22973D406125AD3CF518BB4FB48 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
08:35:25.0565 0x219c TOSHIBA eco Utility Service - ok
08:35:25.0612 0x219c [ 4218356616E08518E6C2CB102AC3798A, 2AFF17E29F9F5A9A62471100CE49A859262B0296A38BB30CB62D3CF48FC0308D ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
08:35:25.0612 0x219c TOSHIBA HDD SSD Alert Service - ok
08:35:25.0627 0x219c Tosrfcom - ok
08:35:25.0674 0x219c [ 11699D47B3491D86249C168496D55C92, BAE7DC248F44BB036641C1E60103F368B7BFE1AAFDCB4BD25FE9A3A970B3A572 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
08:35:25.0690 0x219c tosrfec - ok
08:35:25.0752 0x219c [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
08:35:25.0799 0x219c tos_sps64 - ok
08:35:25.0846 0x219c [ 270CEBD8B5DD9F232CD50D18D19C10A0, 9845BB48B5595C10C84DECB49F74B61CF4950369C86703A2B595C75102F0354D ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
08:35:25.0877 0x219c TPCHSrv - ok
08:35:25.0908 0x219c [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\windows\system32\drivers\tpm.sys
08:35:25.0908 0x219c TPM - ok
08:35:25.0955 0x219c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
08:35:26.0033 0x219c TrkWks - ok
08:35:26.0127 0x219c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:35:26.0220 0x219c TrustedInstaller - ok
08:35:26.0267 0x219c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
08:35:26.0298 0x219c tssecsrv - ok
08:35:26.0345 0x219c [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
08:35:26.0376 0x219c TsUsbFlt - ok
08:35:26.0439 0x219c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
08:35:26.0485 0x219c tunnel - ok
08:35:26.0517 0x219c [ EFFCE6E033EBDD0F3C0F14A413558F65, 576E7C8F1FBE874A0F8F7AA97FC19F472474CFD4A6F663034341E98FF5A28BB5 ] TVALZ C:\windows\system32\DRIVERS\TVALZ.SYS
08:35:26.0532 0x219c TVALZ - ok
08:35:26.0563 0x219c [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
08:35:26.0563 0x219c TVALZFL - ok
08:35:26.0595 0x219c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
08:35:26.0610 0x219c uagp35 - ok
08:35:26.0688 0x219c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
08:35:26.0751 0x219c udfs - ok
08:35:26.0797 0x219c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
08:35:26.0844 0x219c UI0Detect - ok
08:35:26.0922 0x219c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
08:35:26.0938 0x219c uliagpkx - ok
08:35:26.0969 0x219c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\drivers\umbus.sys
08:35:26.0985 0x219c umbus - ok
08:35:27.0016 0x219c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
08:35:27.0031 0x219c UmPass - ok
08:35:27.0078 0x219c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\windows\System32\umrdp.dll
08:35:27.0125 0x219c UmRdpService - ok
08:35:27.0312 0x219c [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:35:27.0375 0x219c UNS - detected UnsignedFile.Multi.Generic ( 1 )
08:35:29.0855 0x219c Detect skipped due to KSN trusted
08:35:29.0855 0x219c UNS - ok
08:35:29.0902 0x219c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
08:35:29.0995 0x219c upnphost - ok
08:35:30.0073 0x219c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
08:35:30.0089 0x219c usbaudio - ok
08:35:30.0151 0x219c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
08:35:30.0229 0x219c usbccgp - ok
08:35:30.0292 0x219c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
08:35:30.0370 0x219c usbcir - ok
08:35:30.0432 0x219c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
08:35:30.0479 0x219c usbehci - ok
08:35:30.0541 0x219c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
08:35:30.0588 0x219c usbhub - ok
08:35:30.0635 0x219c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
08:35:30.0666 0x219c usbohci - ok
08:35:30.0713 0x219c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
08:35:30.0729 0x219c usbprint - ok
08:35:30.0791 0x219c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\drivers\usbscan.sys
08:35:30.0822 0x219c usbscan - ok
08:35:30.0869 0x219c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
08:35:30.0947 0x219c USBSTOR - ok
08:35:30.0994 0x219c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
08:35:31.0041 0x219c usbuhci - ok
08:35:31.0134 0x219c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
08:35:31.0197 0x219c usbvideo - ok
08:35:31.0228 0x219c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
08:35:31.0321 0x219c UxSms - ok
08:35:31.0368 0x219c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc C:\windows\system32\lsass.exe
08:35:31.0368 0x219c VaultSvc - ok
08:35:31.0431 0x219c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
08:35:31.0446 0x219c vdrvroot - ok
08:35:31.0540 0x219c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
08:35:31.0618 0x219c vds - ok
08:35:31.0665 0x219c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
08:35:31.0680 0x219c vga - ok
08:35:31.0696 0x219c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
08:35:31.0758 0x219c VgaSave - ok
08:35:31.0821 0x219c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
08:35:31.0852 0x219c vhdmp - ok
08:35:31.0899 0x219c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
08:35:31.0914 0x219c viaide - ok
08:35:31.0977 0x219c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\windows\system32\drivers\vmbus.sys
08:35:32.0008 0x219c vmbus - ok
08:35:32.0023 0x219c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
08:35:32.0023 0x219c VMBusHID - ok
08:35:32.0039 0x219c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
08:35:32.0055 0x219c volmgr - ok
08:35:32.0117 0x219c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
08:35:32.0148 0x219c volmgrx - ok
08:35:32.0164 0x219c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
08:35:32.0179 0x219c volsnap - ok
08:35:32.0211 0x219c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
08:35:32.0226 0x219c vsmraid - ok
08:35:32.0367 0x219c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
08:35:32.0491 0x219c VSS - ok
08:35:32.0523 0x219c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
08:35:32.0616 0x219c vwifibus - ok
08:35:32.0616 0x219c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
08:35:32.0663 0x219c vwififlt - ok
08:35:32.0694 0x219c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
08:35:32.0725 0x219c vwifimp - ok
08:35:32.0757 0x219c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
08:35:32.0803 0x219c W32Time - ok
08:35:32.0835 0x219c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
08:35:32.0881 0x219c WacomPen - ok
08:35:32.0959 0x219c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
08:35:33.0037 0x219c WANARP - ok
08:35:33.0053 0x219c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
08:35:33.0084 0x219c Wanarpv6 - ok
08:35:33.0240 0x219c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
08:35:33.0287 0x219c WatAdminSvc - ok
08:35:33.0396 0x219c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
08:35:33.0521 0x219c wbengine - ok
08:35:33.0552 0x219c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
08:35:33.0599 0x219c WbioSrvc - ok
08:35:33.0661 0x219c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
08:35:33.0708 0x219c wcncsvc - ok
08:35:33.0724 0x219c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:35:33.0786 0x219c WcsPlugInService - ok
08:35:33.0817 0x219c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys
08:35:33.0833 0x219c Wd - ok
08:35:33.0927 0x219c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
08:35:33.0973 0x219c Wdf01000 - ok
08:35:34.0036 0x219c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll
08:35:34.0098 0x219c WdiServiceHost - ok
08:35:34.0114 0x219c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll
08:35:34.0129 0x219c WdiSystemHost - ok
08:35:34.0207 0x219c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
08:35:34.0254 0x219c WebClient - ok
08:35:34.0285 0x219c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
08:35:34.0332 0x219c Wecsvc - ok
08:35:34.0332 0x219c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
08:35:34.0379 0x219c wercplsupport - ok
08:35:34.0410 0x219c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
08:35:34.0457 0x219c WerSvc - ok
08:35:34.0473 0x219c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
08:35:34.0519 0x219c WfpLwf - ok
08:35:34.0535 0x219c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
08:35:34.0551 0x219c WIMMount - ok
08:35:34.0566 0x219c WinDefend - ok
08:35:34.0582 0x219c WinHttpAutoProxySvc - ok
08:35:34.0629 0x219c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
08:35:34.0722 0x219c Winmgmt - ok
08:35:34.0816 0x219c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll
08:35:34.0894 0x219c WinRM - ok
08:35:34.0941 0x219c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\drivers\WinUsb.sys
08:35:34.0956 0x219c WinUsb - ok
08:35:35.0003 0x219c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
08:35:35.0050 0x219c Wlansvc - ok
08:35:35.0299 0x219c [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:35:35.0377 0x219c wlidsvc - ok
08:35:35.0424 0x219c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
08:35:35.0455 0x219c WmiAcpi - ok
08:35:35.0487 0x219c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
08:35:35.0533 0x219c wmiApSrv - ok
08:35:35.0580 0x219c WMPNetworkSvc - ok
08:35:35.0611 0x219c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
08:35:35.0643 0x219c WPCSvc - ok
08:35:35.0689 0x219c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
08:35:35.0736 0x219c WPDBusEnum - ok
08:35:35.0767 0x219c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
08:35:35.0799 0x219c ws2ifsl - ok
08:35:35.0830 0x219c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
08:35:35.0845 0x219c wscsvc - ok
08:35:35.0861 0x219c WSearch - ok
08:35:36.0001 0x219c [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\windows\system32\wuaueng.dll
08:35:36.0142 0x219c wuauserv - ok
08:35:36.0204 0x219c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
08:35:36.0267 0x219c WudfPf - ok
08:35:36.0298 0x219c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\drivers\WUDFRd.sys
08:35:36.0345 0x219c WUDFRd - ok
08:35:36.0391 0x219c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
08:35:36.0423 0x219c wudfsvc - ok
08:35:36.0469 0x219c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
08:35:36.0563 0x219c WwanSvc - ok
08:35:36.0594 0x219c ================ Scan global ===============================
08:35:36.0625 0x219c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
08:35:36.0688 0x219c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
08:35:36.0703 0x219c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
08:35:36.0735 0x219c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
08:35:36.0813 0x219c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
08:35:36.0828 0x219c [ Global ] - ok
08:35:36.0828 0x219c ================ Scan MBR ==================================
08:35:36.0828 0x219c [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
08:35:37.0203 0x219c \Device\Harddisk0\DR0 - ok
08:35:37.0203 0x219c ================ Scan VBR ==================================
08:35:37.0218 0x219c [ 9CB43BB80123C18D8ABCA9EBBB1938BC ] \Device\Harddisk0\DR0\Partition1
08:35:37.0218 0x219c \Device\Harddisk0\DR0\Partition1 - ok
08:35:37.0218 0x219c ================ Scan generic autorun ======================
08:35:37.0296 0x219c [ 852F12CA7C4FC7E3D77B606492435556, CCDA88794836D40701BF5B0A6872686DDE19C54AFCE6A954C9D83102BB12AEAF ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
08:35:37.0327 0x219c IAStorIcon - ok
08:35:37.0359 0x219c [ CE7648AF53E26CEB484F54866F195328, 0A9A563A83296A54EE3DD7AD8EB2FC6B50E329439C367B506592147214C0AA0E ] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
08:35:37.0374 0x219c TOSDCR - ok
08:35:37.0421 0x219c [ DD005815926707C14D47131568668651, 344D1C93BFA750F98C79799FD3F060A6E1EEEDA04FE2B342770820CCC8B5B3B0 ] C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe
08:35:37.0452 0x219c TNRotate - ok
08:35:37.0577 0x219c [ EEEB1B5D59D1EE6899E0F803B5A275F5, 9357F8DA0F89DEFD34BF8531B5BAFFDCA228783116C0194849658BC97DD35333 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
08:35:37.0655 0x219c TWebCamera - ok
08:35:37.0686 0x219c [ B9FBE2C4DE9A72E8997697C8D5CAD009, EF2F8C2D4AE2D45232C97D60734B398E3EC59245702F4B5D3D7E5077DBF83B1D ] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
08:35:37.0686 0x219c ITSecMng - ok
08:35:37.0764 0x219c [ 541B822882607023E75FFEC0C8F90FAF, 1D734219F99EE4FEDFD8D146DCA4733C8633540CF2613A6002363B0F69859687 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
08:35:37.0827 0x219c ToshibaServiceStation - ok
08:35:37.0858 0x219c [ E1FE4FF49B44032A6B954DC9BD8FC801, 7BAAB68D960E46DC7FD1BDEE55B0F5F9D180A7ABFDFC052A6671154361245FCF ] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
08:35:37.0873 0x219c TUSBSleepChargeSrv - ok
08:35:37.0967 0x219c [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
08:35:37.0983 0x219c BCSSync - ok
08:35:38.0029 0x219c [ 02753F61256257D97E5DB793D754E904, 35709D754F102DCF1164E4720BC2C54355C0E8B35E6A329C36A76831DBA9663B ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
08:35:38.0045 0x219c FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
08:35:40.0603 0x219c Detect skipped due to KSN trusted
08:35:40.0603 0x219c FreePDF Assistant - ok
08:35:40.0603 0x219c Conime - ok
08:35:40.0728 0x219c [ A0251ED3ABBA7ACC84416738C8282ACA, 67240ED2BD24D557003AD7062E314F6CDC63BA95EB99A38AB7606432605DDE84 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
08:35:40.0759 0x219c KiesTrayAgent - ok
08:35:40.0962 0x219c [ 5C59E612AA95F10DBD29F6249EA379D3, CC1B5D70960C49DAEBD0BBFA908A1F6D823FCF5030AEBEEA646A04DAC338579B ] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
08:35:41.0103 0x219c EKStatusMonitor - ok
08:35:41.0181 0x219c [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:35:41.0227 0x219c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:35:43.0708 0x219c Detect skipped due to KSN trusted
08:35:43.0708 0x219c QuickTime Task - ok
08:35:43.0801 0x219c [ B899B4608BB72DB2FCC11D350A36D2C6, 7804CA2F8C72936B47D2490A5D36DA45C706ABD2FF247ED7ABC6544EE1BDF09D ] C:\Program Files (x86)\PDF24\pdf24.exe
08:35:43.0848 0x219c PDFPrint - ok
08:35:44.0347 0x219c [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:35:44.0519 0x219c Adobe ARM - ok
08:35:44.0706 0x219c [ 34084D25BE6F48D072AA54DE630438FD, 522C96429FC679C2D07E9254E8D1793FEC018D65CD43D88FE9851CC8CEB61A07 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
08:35:44.0769 0x219c SunJavaUpdateSched - ok
08:35:45.0268 0x219c [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
08:35:45.0455 0x219c SDTray - ok
08:35:45.0658 0x219c [ 7E91655B4947EC1B18B3BC1645839145, 4425326D019A7A6380B71D6710AD94D58A11E1BC5BA42159DD4A17437A296C48 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
08:35:45.0689 0x219c AVP - ok
08:35:45.0814 0x219c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:35:45.0876 0x219c Sidebar - ok
08:35:45.0892 0x219c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:45.0939 0x219c mctadmin - ok
08:35:46.0001 0x219c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:35:46.0048 0x219c Sidebar - ok
08:35:46.0048 0x219c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:46.0079 0x219c mctadmin - ok
08:35:46.0313 0x219c [ BBFED9378719CF8E0C3DEDC979B5D649, CF1E3137325E463A265B78354D938BC8269186D958FEA60FECC5D7BC5A180C6A ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
08:35:46.0594 0x219c TOSHIBA Online Product Information - ok
08:35:46.0687 0x219c [ 32FDDC7D071C9F38D4555A13AB934087, 4BD1D45192389186272742FA17360A0CF2559D11F5B899EE53C22583EC0E8DFA ] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe
08:35:46.0719 0x219c Duden Korrektor SysTray - ok
08:35:46.0906 0x219c [ 0F71621E15B9E668CDC3CCC15FCBC6C5, 05365380D6708FECD8EBF7954BAA75F6D52F9944CF50228AF06CC7BEAA13B53C ] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
08:35:46.0984 0x219c KiesPDLR - ok
08:35:47.0109 0x219c [ F5ED26AB8BDD951BFAC8BBD0D68BA3E9, 418A80F9213A6E830777DE6E8A0F5E5B4BE5B36F4767B056827682EC7F3C8BBF ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
08:35:47.0155 0x219c KiesPreload - ok
08:35:47.0233 0x219c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\windows\system32\cmd.exe
08:35:47.0343 0x219c Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 - ok
08:35:47.0358 0x219c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\windows\system32\cmd.exe
08:35:47.0389 0x219c Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 - ok
08:35:47.0405 0x219c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\windows\system32\cmd.exe
08:35:47.0452 0x219c Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64 - ok
08:35:47.0467 0x219c [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\windows\system32\cmd.exe
08:35:47.0514 0x219c Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627 - ok
08:35:47.0748 0x219c [ BBFED9378719CF8E0C3DEDC979B5D649, CF1E3137325E463A265B78354D938BC8269186D958FEA60FECC5D7BC5A180C6A ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
08:35:47.0904 0x219c TOSHIBA Online Product Information - ok
08:35:47.0904 0x219c Waiting for KSN requests completion. In queue: 92
08:35:48.0918 0x219c Waiting for KSN requests completion. In queue: 92
08:35:49.0932 0x219c Waiting for KSN requests completion. In queue: 92
08:35:51.0071 0x219c AV detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmiav.exe ( 13.0.2.558 ), 0x41000 ( enabled : updated )
08:35:51.0071 0x219c FW detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmifw.exe ( 13.0.2.558 ), 0x41010 ( enabled )
08:35:53.0567 0x219c ============================================================
08:35:53.0567 0x219c Scan finished
08:35:53.0567 0x219c ============================================================
08:35:53.0583 0x17b0 Detected object count: 0
08:35:53.0583 0x17b0 Actual detected object count: 0
Klingt für mich zusammen mit dem Ergebnis von mbar positiv. Gibt's noch was zu tun? Besten Gruß speedy didi |
|
10.06.2015, 07:58
| #6 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hier die Log(s) von mbar: a) Gestern abends - der Computer hat sich dann heute nach nach einem automatischen Windows-update selbst neu gestartet: Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4010201088, free: 1223876608
Downloaded database version: v2015.06.09.05
Downloaded database version: v2015.06.02.01
Downloaded database version: v2015.05.13.01
=======================================
------------ Kernel report ------------
06/09/2015 21:43:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\CSCrySec.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Mpfp.sys
\SystemRoot\System32\Drivers\TDI.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\risdpe64.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\rixdpe64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\ser2pl64.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.06.09.05
rootkit: v2015.06.02.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004b4f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b4fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b4f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004b4d060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa800499c1b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80049a0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5D4EDC6E
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 607334400
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 610408448 Numsec = 14733312
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007849060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80070cf880, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007849060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cb7a00, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4030201
Partition information:
Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 240 Numsec = 3987216
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2041577472 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AF16F94C5F45F4097ABA15A97AEA21002BF9F951.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AF16F94C5F45F4097ABA15A97AEA21002BF9F951.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C23B8C96F05F35E632F6DAB9C9DC476BA197DB33.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C23B8C96F05F35E632F6DAB9C9DC476BA197DB33.bin.VF" is compressed (flags = 1)
Scan finished
=======================================
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.06.09.06
rootkit: v2015.06.02.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Admin :: TOSHIBANB [administrator]
10.06.2015 06:58:38
mbar-log-2015-06-10 (06-58-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 445476
Time elapsed: 1 hour(s), 23 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
speedy didi |
|
11.06.2015, 06:19
| #7 |
| /// the machine /// TB-Ausbilder | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.06.2015, 08:07
| #8 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo schrauber, vielen Dank für Deine schnellen Antworten. hier das log von Combofix: Code:
ATTFilter Combofix Logfile: Besten Gruß speedy didi |
|
12.06.2015, 05:34
| #9 |
| /// the machine /// TB-Ausbilder | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.06.2015, 12:56
| #10 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo schrauber, hier die logs: Anitmalware Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.06.2015 Suchlauf-Zeit: 08:23:46 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.12.01 Rootkit Datenbank: v2015.06.02.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 428804 Verstrichene Zeit: 26 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, 1960, Löschen bei Neustart, [6d644e6b24661c1abb7c2acf16ed53ad] Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 24 PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook.1, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ICQToolBar.IEHook, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ICQToolBar.IEHook, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ICQToolBar.IEHook.1, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ICQToolBar.IEHook.1, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, In Quarantäne, [bd14b306494120168b055531709559a7], PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, In Quarantäne, [329fceeb048689ad0090f19513f2f010], PUP.Optional.ICQToolbar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ICQ SERVICE, In Quarantäne, [6d644e6b24661c1abb7c2acf16ed53ad], PUP.Optional.InstallCore.C, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\InstallCore, In Quarantäne, [0bc60baeccbea294d15f7a11a461748c], PUP.Optional.Babylon.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}, In Quarantäne, [5e73af0a1575181e07f623c9b64d35cb], PUP.Optional.Spigot.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4DAD408E-0BCC-485C-9F1D-5E8587482470}, In Quarantäne, [18b9a6136f1b0b2b7ac1f5fb0ef515eb], PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4E5572DD-2485-4687-BCC8-F92354CADDF8}, In Quarantäne, [4a876c4d9af059dda9e64f37ca3bc23e], PUP.Optional.ICQ.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, In Quarantäne, [d4fdb603d0ba85b16d2df78c47be3bc5], PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, In Quarantäne, [557c784196f46dc936598ef8fc0924dc], PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, In Quarantäne, [478ab306a5e55cda513e3f47bf4607f9], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ICQToolbar, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], Registrierungswerte: 18 PUP.Optional.ICQToolbar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{855F3B16-6D32-4FE6-8A56-BBB695989046}, ICQToolBar, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0] PUP.Optional.ICQToolbar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{855F3B16-6D32-4fe6-8A56-BBB695989046}, In Quarantäne, [f6db556497f3330358c1d392659e817f], PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{855F3B16-6D32-4fe6-8A56-BBB695989046}, In Quarantäne, [ede4ad0c1773a6904bce30359f643cc4], PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [a9286e4b4c3ef93dbd5c8bdad033f808], PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&dbCode=1&command={searchTerms}, In Quarantäne, [bd14b306494120168b055531709559a7] PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&dbCode=1&command={searchTerms}, In Quarantäne, [329fceeb048689ad0090f19513f2f010] PUP.Optional.ICQToolbar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ICQ SERVICE|ImagePath, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, In Quarantäne, [6d644e6b24661c1abb7c2acf16ed53ad] PUP.Optional.Babylon.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}|URL, hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=28ac92bf0000000000000626b6e043bc&tlver=1.4.19.19&affID=17160, In Quarantäne, [5e73af0a1575181e07f623c9b64d35cb] PUP.Optional.Babylon.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}|DisplayName, Search the web (Babylon), In Quarantäne, [468b9227d9b153e36b2298e73ec77a86] PUP.Optional.Spigot.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4DAD408E-0BCC-485C-9F1D-5E8587482470}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}, In Quarantäne, [18b9a6136f1b0b2b7ac1f5fb0ef515eb] PUP.Optional.Spigot.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4DAD408E-0BCC-485C-9F1D-5E8587482470}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, In Quarantäne, [8d442099741695a11af353346d98768a] PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4E5572DD-2485-4687-BCC8-F92354CADDF8}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&dbCode=1&command={searchTerms}, In Quarantäne, [4a876c4d9af059dda9e64f37ca3bc23e] PUP.Optional.ICQ.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd, In Quarantäne, [d4fdb603d0ba85b16d2df78c47be3bc5] PUP.Optional.ICQ.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|FaviconURL, hxxp://c.icq.com/favicon.ico, In Quarantäne, [943d5a5fd2b8aa8ccad03a490104946c] PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&dbCode=1&command={searchTerms}, In Quarantäne, [557c784196f46dc936598ef8fc0924dc] PUP.Optional.Widdit.A, HKU\S-1-5-21-3259377877-260377006-1008623290-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&dbCode=1&command={searchTerms}, In Quarantäne, [478ab306a5e55cda513e3f47bf4607f9] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 19 PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar, Löschen bei Neustart, [14bd16a3deac5adc8965df06867d629e], Dateien: 58 PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll, In Quarantäne, [5180d3e696f4d95d48d16ef7689b20e0], PUP.Optional.Simplytech, C:\Windows\Launcher.exe, In Quarantäne, [765b8f2ab1d93df93aa44a559570649c], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, Löschen bei Neustart, [6d644e6b24661c1abb7c2acf16ed53ad], PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\index.dat, In Quarantäne, [18b9e8d1bbcf64d2545a21a6b64d857b], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml, In Quarantäne, [4190ae0b66247cba5895aa3b4ab9f20e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\config.xml, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\Icons.bmp, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\icq6Toolbar.ico, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQUnToolbar.exe, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\logo_small.gif, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ServiceStarter.exe, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\short.wav, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\Version.txt, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\voucher.bmp, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\voucher2.bmp, In Quarantäne, [14bd16a3deac5adc8965df06867d629e], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 12/06/2015 um 09:23:43
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Admin - TOSHIBANBJACOBS
# Gestarted von : C:\Users\Anja\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\DriverBoost
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\Anja\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Anja\AppData\Local\DriverTuner
Datei Gelöscht : C:\Users\Anja\AppData\Roaming\TOSHIBANB.MTBF.txt
***** [ Geplante Tasks ] *****
Task Gelöscht : FreeDriverScout
Task Gelöscht : Software Updater
Task Gelöscht : Software Updater Ui
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MGShareware
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v43.0.2357.124
[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0&q={searchTerms}
[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : fgibjgmnimooanbagcfpnkmngejcojaf
[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0
[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=4.7&ts=1372602334090.000003&tguid=46364-3869-1372602334090-0A0EEE382BB8CE3E2B6E26AB54B07CE0
*************************
AdwCleaner[R0].txt - [4304 Bytes] - [12/06/2015 09:17:53]
AdwCleaner[S0].txt - [4057 Bytes] - [12/06/2015 09:23:43]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4116 Bytes] ##########
[/CODE] und nochmal FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by Anja (ATTENTION: The logged in user is not administrator) on TOSHIBANB on 12-06-2015 11:00:29 Running from C:\Users\Anja\Desktop Loaded Profiles: Anja & Admin (Available Profiles: Anja & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> winlogon.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> avp.exe Failed to access process -> svchost.exe Failed to access process -> LMS.exe Failed to access process -> SDFSSvc.exe Failed to access process -> svchost.exe Failed to access process -> WLIDSVC.EXE Failed to access process -> WLIDSVCM.EXE Failed to access process -> svchost.exe Failed to access process -> SearchIndexer.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe Failed to access process -> svchost.exe Failed to access process -> ATService.exe Failed to access process -> wmpnetwk.exe Failed to access process -> spoolsv.exe Failed to access process -> SDUpdSvc.exe Failed to access process -> SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe Failed to access process -> taskeng.exe Failed to access process -> TrustedInstaller.exe Failed to access process -> ProtectedObjectsSrv.exe Failed to access process -> WUDFHost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe Failed to access process -> svchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8305664 2009-10-30] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [313344 2009-09-11] (Alps Electric Co., Ltd.) HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2009-11-06] (TOSHIBA) HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [793008 2009-11-06] (TOSHIBA) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607616 2008-06-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336528 2011-03-15] (Expert System S.p.A.) HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung) HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung) HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung) HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" HKU\S-1-5-21-3259377877-260377006-1008623290-1000\...\RunOnce: [Uninstall C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anja\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-18\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336528 2011-03-15] (Expert System S.p.A.) HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2235840 2012-10-19] (Eastman Kodak Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-10-22] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-08-03] ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2009-11-06] (TOSHIBA) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-06-29] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-06-29] (Kaspersky Lab ZAO) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH HKU\S-1-5-21-3259377877-260377006-1008623290-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: [S-1-5-21-3259377877-260377006-1008623290-1003] ATTENTION ==> Default URLSearchHook is missing SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {13DD03BE-B4C7-42C1-AF46-EBA7DC4344DF} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-3259377877-260377006-1008623290-1000 -> {1C467582-7A9D-442B-8563-52849E84D538} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll No File BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2009-11-06] (TODO: <Company name>) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll No File BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-24] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-26] (Apple Inc.) FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-04-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-03] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-27] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-20] FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-05-22] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-06-29] Chrome: ======= CHR HomePage: Default -> CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\42.0.2311.90\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\42.0.2311.90\pdf.dll No File CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10] CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-05] CHR Extension: (Safe Money) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-11-05] CHR Extension: (Content Blocker) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-11-05] CHR Extension: (Virtual Keyboard) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-11-05] CHR Extension: (Kaspersky Protection) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-05] CHR Extension: (Google Wallet) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10] CHR Extension: (Anti-Banner) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-05] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S4 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-29] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-29] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-29] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-29] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-20] (Kaspersky Lab ZAO) S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.) S3 Tosrfcom; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-12 11:00 - 2015-06-12 11:01 - 00033530 _____ C:\Users\Anja\Desktop\FRST.txt 2015-06-12 10:59 - 2015-06-12 10:59 - 02108928 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-06-12 10:56 - 2015-06-12 10:56 - 02108928 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe 2015-06-12 09:42 - 2015-06-12 09:42 - 00000207 _____ C:\windows\tweaking.com-regbackup-TOSHIBANB-Windows-7-Professional-(64-bit).dat 2015-06-12 09:42 - 2015-06-12 09:42 - 00000000 ____D C:\RegBackup 2015-06-12 09:41 - 2015-06-12 09:41 - 02943663 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe 2015-06-12 09:17 - 2015-06-12 09:23 - 00000000 ____D C:\AdwCleaner 2015-06-12 09:16 - 2015-06-12 09:16 - 02231296 _____ C:\Users\Anja\Desktop\AdwCleaner_4.206.exe 2015-06-12 08:22 - 2015-06-12 08:22 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-12 08:22 - 2015-06-12 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-12 08:22 - 2015-06-12 08:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-12 08:22 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-06-12 08:22 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-06-12 08:19 - 2015-06-12 08:19 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Anja\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-11 09:13 - 2015-06-11 09:13 - 00000000 ____D C:\Users\Anja\AppData\Local\GWX 2015-06-11 08:54 - 2015-06-11 08:54 - 00031339 _____ C:\ComboFix.txt 2015-06-11 08:33 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2015-06-11 08:33 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2015-06-11 08:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2015-06-11 08:32 - 2015-06-11 08:54 - 00000000 ____D C:\Qoobox 2015-06-11 08:31 - 2015-06-11 08:50 - 00000000 ____D C:\windows\erdnt 2015-06-11 08:21 - 2015-06-11 08:21 - 05628161 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe 2015-06-10 08:30 - 2015-06-10 08:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Anja\Desktop\tdsskiller.exe 2015-06-09 22:26 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2015-06-09 22:26 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-06-09 22:26 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-06-09 22:26 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2015-06-09 22:26 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2015-06-09 22:26 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2015-06-09 22:26 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2015-06-09 22:26 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2015-06-09 22:26 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2015-06-09 22:26 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2015-06-09 22:26 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2015-06-09 22:26 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2015-06-09 22:26 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2015-06-09 22:25 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-06-09 22:25 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-06-09 22:25 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-06-09 22:25 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-06-09 22:25 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-06-09 22:25 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-06-09 22:25 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-06-09 22:25 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-06-09 22:25 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-06-09 22:25 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-06-09 22:25 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-06-09 22:25 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-06-09 22:25 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-06-09 22:25 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-06-09 22:25 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-06-09 22:25 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-06-09 22:25 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-06-09 22:25 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-06-09 22:25 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-09 22:25 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-06-09 22:25 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-06-09 22:25 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-06-09 22:25 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-06-09 22:25 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-06-09 22:25 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-06-09 22:25 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-06-09 22:25 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-06-09 22:25 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-06-09 22:25 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-06-09 22:25 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-06-09 22:25 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-06-09 22:25 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-06-09 22:25 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-06-09 22:25 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-06-09 22:25 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-06-09 22:25 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-06-09 22:25 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-06-09 22:25 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-06-09 22:25 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-06-09 22:25 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-06-09 22:25 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-06-09 22:25 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-06-09 22:25 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-06-09 22:25 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-06-09 22:25 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-06-09 22:25 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-06-09 22:25 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-06-09 22:25 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-06-09 22:25 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-06-09 22:25 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-06-09 22:25 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-06-09 22:25 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-06-09 22:25 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-06-09 22:25 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-06-09 22:21 - 2015-06-09 22:21 - 18169520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-06-09 22:21 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2015-06-09 22:21 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2015-06-09 22:21 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-06-09 22:21 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2015-06-09 22:21 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-06-09 22:20 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-06-09 22:20 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-06-09 22:20 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-06-09 22:20 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe 2015-06-09 22:20 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-06-09 22:20 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-06-09 22:20 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2015-06-09 22:20 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe 2015-06-09 22:20 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2015-06-09 22:20 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-06-09 22:20 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-06-09 22:20 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2015-06-09 22:20 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2015-06-09 22:20 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-09 22:17 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-06-09 22:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2015-06-09 22:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2015-06-09 22:17 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys 2015-06-09 21:44 - 2015-06-12 08:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-09 21:43 - 2015-06-12 08:23 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-09 21:43 - 2015-06-10 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-09 21:42 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-06-09 21:34 - 2015-06-09 21:36 - 00000000 ____D C:\Users\Anja\Desktop\mbar 2015-06-08 18:59 - 2015-06-10 06:47 - 00000000 ____D C:\Users\Admin 2015-06-07 20:30 - 2015-06-12 11:00 - 00000000 ____D C:\FRST 2015-06-07 20:18 - 2015-06-07 20:18 - 00000000 _____ C:\Users\Anja\defogger_reenable 2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Anja\Documents\Johann Willi 2015-06-07 13:48 - 2015-06-12 09:10 - 00000000 ____D C:\Users\Anja\Downloads\Viren und Malware 2015-06-06 07:30 - 2015-06-06 07:30 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-06-06 07:30 - 2015-06-06 07:30 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-06-06 07:30 - 2015-06-06 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-06-06 07:29 - 2015-06-06 08:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-06-06 07:29 - 2015-06-06 07:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-06 07:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe 2015-05-24 09:37 - 2015-05-24 10:25 - 00101184 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll 2015-05-24 09:37 - 2015-05-24 10:25 - 00000000 ____D C:\Program Files (x86)\Amazon 2015-05-24 09:37 - 2015-05-24 09:37 - 00000000 ____D C:\Users\Anja\AppData\Local\Amazon 2015-05-17 18:31 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2015-05-17 18:31 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2015-05-17 18:31 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2015-05-17 18:31 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-12 10:57 - 2011-01-30 16:26 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-12 10:55 - 2009-07-14 19:58 - 00699682 _____ C:\windows\system32\perfh007.dat 2015-06-12 10:55 - 2009-07-14 19:58 - 00149790 _____ C:\windows\system32\perfc007.dat 2015-06-12 10:55 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-12 10:21 - 2011-07-24 14:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-12 10:20 - 2012-05-02 19:06 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-12 09:40 - 2010-05-21 23:55 - 01130460 _____ C:\windows\WindowsUpdate.log 2015-06-12 09:35 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-12 09:35 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-12 09:30 - 2011-01-30 16:26 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-12 09:25 - 2015-03-28 22:48 - 00065536 _____ C:\windows\system32\Ikeext.etl 2015-06-12 09:25 - 2011-01-26 17:29 - 00000000 ____D C:\ProgramData\Kodak 2015-06-12 09:25 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-12 09:25 - 2009-07-14 06:51 - 00154132 _____ C:\windows\setupact.log 2015-06-12 08:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\tracing 2015-06-12 08:57 - 2009-12-08 02:54 - 00832228 _____ C:\windows\PFRO.log 2015-06-12 08:55 - 2011-06-13 10:45 - 00000000 ____D C:\ProgramData\ICQ 2015-06-12 08:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Web 2015-06-12 08:11 - 2011-02-27 16:43 - 00000000 ____D C:\Users\Anja\Documents\Outlook-Dateien 2015-06-11 08:54 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-11 08:48 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2015-06-10 09:08 - 2014-11-13 21:53 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieBrowserModeList 2015-06-10 09:08 - 2014-05-08 04:13 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieUserList 2015-06-10 09:08 - 2014-05-08 04:13 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieSiteList 2015-06-10 04:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-06-10 03:49 - 2009-07-14 06:45 - 00506248 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-10 03:43 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser 2015-06-10 03:43 - 2014-05-07 15:53 - 00000000 ___SD C:\windows\system32\CompatTel 2015-06-10 03:42 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2015-06-10 03:20 - 2009-12-08 03:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 03:14 - 2013-08-14 21:05 - 00000000 ____D C:\windows\system32\MRT 2015-06-10 03:06 - 2010-09-14 21:23 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-10 03:03 - 2009-07-14 04:34 - 00000510 _____ C:\windows\win.ini 2015-06-09 22:24 - 2012-05-02 19:06 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-06-09 22:24 - 2011-05-15 08:53 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-08 21:25 - 2015-01-06 21:59 - 00000000 ____D C:\Users\Anja\Desktop\Fotos 2015 2015-06-07 22:50 - 2013-11-03 15:45 - 00000000 ____D C:\windows\Minidump 2015-06-07 20:18 - 2010-08-01 19:20 - 00000000 ____D C:\Users\Anja 2015-06-07 19:52 - 2010-11-07 11:52 - 00000000 ____D C:\Users\Anja\Documents\Anja 2015-06-07 16:42 - 2014-07-29 20:56 - 00000000 ____D C:\Users\Anja\AppData\Local\Unity 2015-05-31 15:58 - 2010-11-12 20:42 - 00000000 ____D C:\Users\Anja\AppData\Local\FreePDF_XP 2015-05-26 19:31 - 2010-11-06 11:42 - 00000000 ____D C:\Users\Anja\Documents\Didi 2015-05-24 09:34 - 2013-11-13 23:31 - 00000000 ____D C:\ProgramData\Oracle 2015-05-24 09:31 - 2010-08-03 22:01 - 00000000 ____D C:\Program Files (x86)\Java 2015-05-24 09:27 - 2014-10-19 19:44 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\system32\GWX 2015-05-13 20:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers ==================== Files in the root of some directories ======= 2013-06-14 20:28 - 2013-06-18 08:28 - 0004608 _____ () C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-10-26 21:18 - 2012-10-31 18:03 - 0015494 _____ () C:\Users\Anja\AppData\Local\installer.log 2011-01-26 18:00 - 2011-01-26 18:00 - 0000236 _____ () C:\Users\Anja\AppData\Local\LaunchHomeCenter.log 2011-07-04 19:20 - 2011-07-04 19:20 - 0000000 _____ () C:\Users\Anja\AppData\Local\{FE52DF1B-FD79-46B7-9E55-C08B93007A9F} 2012-01-07 13:59 - 2012-01-07 15:12 - 0020531 ____H () C:\ProgramData\M33KI 2011-05-17 17:30 - 2011-05-22 10:11 - 0001492 _____ () C:\ProgramData\ss.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================ Weiter vielen Dank für die Unterstützung und Grüße von speedy didi |
|
13.06.2015, 08:16
| #11 |
| /// the machine /// TB-Ausbilder | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Unsere Tools brauchen immer Adminrechte. FRST lief ohne Adminrechte. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.06.2015, 11:07
| #12 |
| | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Hallo schrauber, hier die neuen logfiles. Das neue FRST folgt mit gesonderter Nachricht. a) ESET ===== Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=449bc15bd9ac684cadd67ee705ed649f
# end=init
# utc_time=2015-06-14 07:05:19
# local_time=2015-06-14 09:05:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24317
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=449bc15bd9ac684cadd67ee705ed649f
# end=updated
# utc_time=2015-06-14 07:08:33
# local_time=2015-06-14 09:08:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=449bc15bd9ac684cadd67ee705ed649f
# engine=24317
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-14 09:00:52
# local_time=2015-06-14 11:00:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 99 8570 126522120 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 176965 185902302 0 0
# scanned=318257
# found=0
# cleaned=0
# scan_time=6738
=========== Code:
ATTFilter Results of screen317's Security Check version 1.002 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky PURE 3.0 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 8 Update 45 Adobe Flash Player 17.0.0.188 Adobe Reader XI Google Chrome (43.0.2357.124) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Malwarebytes Anti-Malware mbamscheduler.exe TOSHIBA Toshiba Online Product Information TOPI.exe Kaspersky Lab Kaspersky PURE 3.0 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` speedy didi ... und hier das neue FRST-file =================== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Admin (administrator) on TOSHIBANB on 14-06-2015 11:58:45 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin (Available Profiles: Anja & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe (TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8305664 2009-10-30] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [313344 2009-09-11] (Alps Electric Co., Ltd.) HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2009-11-06] (TOSHIBA) HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [793008 2009-11-06] (TOSHIBA) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [TNRotate] => C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607616 2008-06-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3259377877-260377006-1008623290-1003\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-18\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336528 2011-03-15] (Expert System S.p.A.) HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2235840 2012-10-19] (Eastman Kodak Company) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-06-08] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-10-22] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-08-03] ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-05-22] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2009-11-06] (TOSHIBA) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-06-29] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-06-29] (Kaspersky Lab ZAO) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3259377877-260377006-1008623290-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3259377877-260377006-1008623290-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3259377877-260377006-1008623290-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll No File BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2009-11-06] (TODO: <Company name>) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll No File BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-24] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-29] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-29] (Kaspersky Lab ZAO) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-26] (Apple Inc.) FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-04-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-03] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-27] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-20] FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010-05-22] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-06-29] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-06-29] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [X] S4 McNASvc; "c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [X] S4 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [X] S4 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X] S4 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-29] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-29] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-29] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-29] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-20] (Kaspersky Lab ZAO) S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.) S3 Tosrfcom; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-14 11:58 - 2015-06-14 12:00 - 00029429 _____ C:\Users\Admin\Desktop\FRST.txt 2015-06-14 11:57 - 2015-06-14 11:57 - 02109952 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2015-06-14 11:53 - 2015-06-14 11:53 - 00001070 _____ C:\Users\Admin\Desktop\checkup.txt 2015-06-14 09:04 - 2015-06-14 09:04 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-14 09:02 - 2015-06-14 09:02 - 00852639 _____ C:\Users\Admin\Desktop\SecurityCheck.exe 2015-06-14 09:01 - 2015-06-14 09:01 - 02870984 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe 2015-06-14 08:47 - 2015-06-14 08:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Toshiba 2015-06-12 11:02 - 2015-06-12 11:02 - 00041852 _____ C:\Users\Anja\Desktop\Addition.txt 2015-06-12 11:00 - 2015-06-12 11:02 - 00070524 _____ C:\Users\Anja\Desktop\FRST.txt 2015-06-12 10:59 - 2015-06-12 10:59 - 02108928 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-06-12 10:56 - 2015-06-12 10:56 - 02108928 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe 2015-06-12 09:46 - 2015-06-12 09:58 - 00001179 _____ C:\Users\Admin\Desktop\JRT.txt 2015-06-12 09:42 - 2015-06-12 09:42 - 00000207 _____ C:\windows\tweaking.com-regbackup-TOSHIBANB-Windows-7-Professional-(64-bit).dat 2015-06-12 09:42 - 2015-06-12 09:42 - 00000000 ____D C:\RegBackup 2015-06-12 09:41 - 2015-06-12 09:41 - 02943663 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe 2015-06-12 09:17 - 2015-06-12 13:53 - 00000000 ____D C:\AdwCleaner 2015-06-12 09:16 - 2015-06-12 09:16 - 02231296 _____ C:\Users\Anja\Desktop\AdwCleaner_4.206.exe 2015-06-12 08:22 - 2015-06-12 08:22 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-12 08:22 - 2015-06-12 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-12 08:22 - 2015-06-12 08:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-12 08:22 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-06-12 08:22 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-06-12 08:19 - 2015-06-12 08:19 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Anja\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-11 09:13 - 2015-06-11 09:13 - 00000000 ____D C:\Users\Anja\AppData\Local\GWX 2015-06-11 08:54 - 2015-06-11 08:54 - 00031339 _____ C:\ComboFix.txt 2015-06-11 08:33 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2015-06-11 08:33 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2015-06-11 08:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2015-06-11 08:33 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2015-06-11 08:32 - 2015-06-11 08:54 - 00000000 ____D C:\Qoobox 2015-06-11 08:31 - 2015-06-11 08:50 - 00000000 ____D C:\windows\erdnt 2015-06-11 08:21 - 2015-06-11 08:21 - 05628161 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe 2015-06-10 08:30 - 2015-06-10 08:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Anja\Desktop\tdsskiller.exe 2015-06-10 07:03 - 2015-06-10 07:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Toshiba 2015-06-10 06:48 - 2015-06-10 06:48 - 00145176 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-10 06:48 - 2015-06-10 06:48 - 00002227 _____ C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk 2015-06-10 06:48 - 2015-06-10 06:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel Corporation 2015-06-10 06:47 - 2015-06-10 06:47 - 00002258 _____ C:\Users\Admin\Desktop\Google Chrome.lnk 2015-06-10 06:47 - 2015-06-10 06:47 - 00001432 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-10 06:47 - 2015-06-10 06:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe 2015-06-10 06:47 - 2015-06-10 06:47 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore 2015-06-10 06:47 - 2015-06-10 06:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Google 2015-06-09 22:26 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-06-09 22:26 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2015-06-09 22:26 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-06-09 22:26 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-06-09 22:26 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2015-06-09 22:26 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2015-06-09 22:26 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2015-06-09 22:26 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2015-06-09 22:26 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2015-06-09 22:26 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2015-06-09 22:26 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2015-06-09 22:26 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2015-06-09 22:26 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2015-06-09 22:26 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2015-06-09 22:25 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-06-09 22:25 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-06-09 22:25 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-06-09 22:25 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-06-09 22:25 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-06-09 22:25 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-06-09 22:25 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-06-09 22:25 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-06-09 22:25 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-06-09 22:25 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-06-09 22:25 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-06-09 22:25 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-06-09 22:25 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-06-09 22:25 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-06-09 22:25 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-06-09 22:25 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-06-09 22:25 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-06-09 22:25 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-06-09 22:25 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-09 22:25 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-06-09 22:25 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-06-09 22:25 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-06-09 22:25 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-06-09 22:25 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-06-09 22:25 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-06-09 22:25 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-06-09 22:25 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-06-09 22:25 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-06-09 22:25 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-06-09 22:25 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-06-09 22:25 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-06-09 22:25 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-06-09 22:25 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-06-09 22:25 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-06-09 22:25 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-06-09 22:25 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-06-09 22:25 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-06-09 22:25 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-06-09 22:25 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-06-09 22:25 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-06-09 22:25 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-06-09 22:25 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-06-09 22:25 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-06-09 22:25 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-06-09 22:25 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-06-09 22:25 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-06-09 22:25 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-06-09 22:25 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-06-09 22:25 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-06-09 22:25 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-06-09 22:25 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-06-09 22:25 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-06-09 22:25 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-06-09 22:25 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-06-09 22:25 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-06-09 22:25 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-06-09 22:21 - 2015-06-09 22:21 - 18169520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-06-09 22:21 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-06-09 22:21 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2015-06-09 22:21 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2015-06-09 22:21 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-06-09 22:21 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2015-06-09 22:21 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-06-09 22:20 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-06-09 22:20 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-06-09 22:20 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-06-09 22:20 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2015-06-09 22:20 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-06-09 22:20 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-06-09 22:20 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe 2015-06-09 22:20 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-06-09 22:20 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-06-09 22:20 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-06-09 22:20 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2015-06-09 22:20 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2015-06-09 22:20 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe 2015-06-09 22:20 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-06-09 22:20 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2015-06-09 22:20 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-06-09 22:20 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-06-09 22:20 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2015-06-09 22:20 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2015-06-09 22:20 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-09 22:20 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-09 22:17 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-06-09 22:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2015-06-09 22:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2015-06-09 22:17 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys 2015-06-09 21:44 - 2015-06-12 08:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-09 21:43 - 2015-06-14 09:10 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-09 21:43 - 2015-06-10 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-09 21:42 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-06-09 21:40 - 2015-06-10 08:25 - 00000000 ____D C:\Users\Admin\Desktop\mbar 2015-06-09 21:34 - 2015-06-09 21:36 - 00000000 ____D C:\Users\Anja\Desktop\mbar 2015-06-09 21:14 - 2015-06-09 21:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TFPU 2015-06-08 19:00 - 2015-06-08 19:00 - 00000020 ___SH C:\Users\Admin\ntuser.ini 2015-06-08 19:00 - 2015-06-08 19:00 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Verlauf 2015-06-08 19:00 - 2015-06-08 19:00 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Anwendungsdaten 2015-06-08 18:59 - 2015-06-13 12:01 - 00000000 ____D C:\Users\Admin 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Vorlagen 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Startmenü 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Netzwerkumgebung 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Lokale Einstellungen 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Eigene Dateien 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Druckumgebung 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Musik 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Bilder 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-08 18:59 - 2015-06-08 18:59 - 00000000 _SHDL C:\Users\Admin\Anwendungsdaten 2015-06-08 18:59 - 2013-07-30 11:03 - 00002131 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2015-06-08 18:59 - 2012-10-26 21:18 - 00002896 _____ C:\Users\Admin\AppData\Local\installer.log 2015-06-08 18:59 - 2012-10-26 21:09 - 00800824 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\DPInst.exe 2015-06-08 18:59 - 2012-10-26 21:09 - 00106496 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\gacutil.exe 2015-06-08 18:59 - 2012-10-26 21:09 - 00036352 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\PnPutil.exe 2015-06-08 18:59 - 2012-10-26 21:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KODAK AiO Home Center1853668128 2015-06-08 18:59 - 2012-07-22 11:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KODAK AiO Home Center1490705029 2015-06-08 18:59 - 2012-04-13 18:23 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help 2015-06-08 18:59 - 2011-09-08 14:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Eastman_Kodak_Company 2015-06-08 18:59 - 2011-09-08 14:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Temp 2015-06-08 18:59 - 2009-12-08 03:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia 2015-06-08 18:59 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-08 18:59 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-07 22:50 - 2015-06-07 22:50 - 00476416 _____ C:\windows\Minidump\060715-31621-01.dmp 2015-06-07 20:30 - 2015-06-14 11:58 - 00000000 ____D C:\FRST 2015-06-07 20:18 - 2015-06-07 20:18 - 00000000 _____ C:\Users\Anja\defogger_reenable 2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Anja\Documents\Johann Willi 2015-06-07 13:48 - 2015-06-12 13:51 - 00000000 ____D C:\Users\Anja\Downloads\Viren und Malware 2015-06-06 07:30 - 2015-06-06 07:30 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-06-06 07:30 - 2015-06-06 07:30 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-06-06 07:30 - 2015-06-06 07:30 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking 2015-06-06 07:30 - 2015-06-06 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-06-06 07:29 - 2015-06-06 08:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-06-06 07:29 - 2015-06-06 07:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-06 07:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe 2015-05-24 09:37 - 2015-05-24 10:25 - 00101184 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll 2015-05-24 09:37 - 2015-05-24 10:25 - 00000000 ____D C:\Program Files (x86)\Amazon 2015-05-24 09:37 - 2015-05-24 09:37 - 00000000 ____D C:\Users\Anja\AppData\Local\Amazon 2015-05-17 18:31 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2015-05-17 18:31 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2015-05-17 18:31 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2015-05-17 18:31 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-14 11:57 - 2011-01-30 16:26 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-14 11:45 - 2011-07-24 14:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-14 11:35 - 2010-05-21 23:55 - 01209124 _____ C:\windows\WindowsUpdate.log 2015-06-14 11:33 - 2011-01-26 17:29 - 00000000 ____D C:\ProgramData\Kodak 2015-06-14 11:20 - 2012-05-02 19:06 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-14 08:52 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-14 08:52 - 2009-07-14 06:45 - 00022208 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-14 08:47 - 2011-01-30 16:26 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-14 08:37 - 2015-03-28 22:48 - 00065536 _____ C:\windows\system32\Ikeext.etl 2015-06-14 08:37 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-14 08:37 - 2009-07-14 06:51 - 00154244 _____ C:\windows\setupact.log 2015-06-12 20:51 - 2011-02-27 16:43 - 00000000 ____D C:\Users\Anja\Documents\Outlook-Dateien 2015-06-12 10:55 - 2009-07-14 19:58 - 00699682 _____ C:\windows\system32\perfh007.dat 2015-06-12 10:55 - 2009-07-14 19:58 - 00149790 _____ C:\windows\system32\perfc007.dat 2015-06-12 10:55 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-12 08:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\tracing 2015-06-12 08:57 - 2009-12-08 02:54 - 00832228 _____ C:\windows\PFRO.log 2015-06-12 08:55 - 2011-06-13 10:45 - 00000000 ____D C:\ProgramData\ICQ 2015-06-12 08:55 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Web 2015-06-12 08:01 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD 2015-06-11 08:54 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-11 08:48 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2015-06-10 09:08 - 2014-11-13 21:53 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieBrowserModeList 2015-06-10 09:08 - 2014-05-08 04:13 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieUserList 2015-06-10 09:08 - 2014-05-08 04:13 - 00000000 __SHD C:\Users\Anja\AppData\Local\EmieSiteList 2015-06-10 04:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-06-10 03:49 - 2009-07-14 06:45 - 00506248 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-10 03:43 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser 2015-06-10 03:43 - 2014-05-07 15:53 - 00000000 ___SD C:\windows\system32\CompatTel 2015-06-10 03:42 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2015-06-10 03:20 - 2009-12-08 03:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 03:14 - 2013-08-14 21:05 - 00000000 ____D C:\windows\system32\MRT 2015-06-10 03:06 - 2010-09-14 21:23 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-10 03:03 - 2009-07-14 04:34 - 00000510 _____ C:\windows\win.ini 2015-06-09 22:25 - 2012-05-02 19:06 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-06-09 22:24 - 2012-05-02 19:06 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-06-09 22:24 - 2011-05-15 08:53 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-08 21:25 - 2015-01-06 21:59 - 00000000 ____D C:\Users\Anja\Desktop\Fotos 2015 2015-06-07 22:50 - 2013-11-03 15:45 - 00000000 ____D C:\windows\Minidump 2015-06-07 20:18 - 2010-08-01 19:20 - 00000000 ____D C:\Users\Anja 2015-06-07 19:52 - 2010-11-07 11:52 - 00000000 ____D C:\Users\Anja\Documents\Anja 2015-06-07 16:42 - 2014-07-29 20:56 - 00000000 ____D C:\Users\Anja\AppData\Local\Unity 2015-05-31 15:58 - 2010-11-12 20:42 - 00000000 ____D C:\Users\Anja\AppData\Local\FreePDF_XP 2015-05-26 19:31 - 2010-11-06 11:42 - 00000000 ____D C:\Users\Anja\Documents\Didi 2015-05-24 09:34 - 2013-11-13 23:31 - 00000000 ____D C:\ProgramData\Oracle 2015-05-24 09:31 - 2010-08-03 22:01 - 00000000 ____D C:\Program Files (x86)\Java 2015-05-24 09:27 - 2014-10-19 19:44 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-05-20 22:17 - 2015-04-06 12:47 - 00000000 ___SD C:\windows\system32\GWX 2015-05-16 07:52 - 2011-01-30 16:26 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 07:52 - 2011-01-30 16:26 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2015-06-08 18:59 - 2012-10-26 21:09 - 0800824 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\DPInst.exe 2015-06-08 18:59 - 2012-10-26 21:09 - 0106496 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\gacutil.exe 2015-06-08 18:59 - 2012-10-26 21:09 - 0000181 _____ () C:\Users\Admin\AppData\Roaming\gacutil.exe.config 2015-06-08 18:59 - 2012-10-26 21:09 - 0036352 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Roaming\PnPutil.exe 2015-06-08 18:59 - 2012-10-26 21:18 - 0002896 _____ () C:\Users\Admin\AppData\Local\installer.log 2012-01-07 13:59 - 2012-01-07 15:12 - 0020531 ____H () C:\ProgramData\M33KI 2011-05-17 17:30 - 2011-05-22 10:11 - 0001492 _____ () C:\ProgramData\ss.ini Some files in TEMP: ==================== C:\Users\Admin\AppData\Local\temp\Quarantine.exe C:\Users\Admin\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 21:35 ==================== End of log ============================ Vielen Dank weiterhin und viele Grüße speedy didi |
|
15.06.2015, 06:11
| #13 |
| /// the machine /// TB-Ausbilder | Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Flipmailer / Trojaner - ähnlich dem Problem von schima30 - Infoexenet flipmailer? |
| adobe, alert, browser, defender, desktop, ebanking, explorer, flash player, flipmailer; freund hinzufügen email, google, helper, homepage, kaspersky, mozilla, phishing, problem, realtek, registry, safer networking, scan, secur, software, svchost.exe, system, trojaner, usb, windows, winlogon.exe |
WARNUNG an die MITLESER: 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
