| |
| |||||||
Log-Analyse und Auswertung: infizierte .doc Datei geöffnet - Banking Trojaner?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.12.2015, 18:58
| #1 |
| |  infizierte .doc Datei geöffnet - Banking Trojaner? Hallo zusammen, heute habe ich dummerweise eine infizierte .doc datei (invoice mit 8 ziffern .doc) an meinem rechner geöffnet. Ich habe die datei mit openoffice geöffnet, wenn das wichtig ist. Das Betriebssystem ist Windows 7. Avast hat daraufhin bei einem gründlichen scan ein paar infizierte dateien gefunden und in die quarantäne verschoben: C:\AdwCleaner\Quarantine\C\ProgramData\WindowsManagerProtect\update.exe.vir "Win32  ropper-gen [Drp]"C:\AdwCleaner\Quarantine\C\ProgramData\WindowsManagerProtect\ProtectWindowsManager.exe "Win32:Adware-DAN [Adw]" C:\Windows\SysWOW64\H@tKeysH@@k.DLL "PUP: Win32:HotKeysHook-l [PUP]" Über eine Einschätzung eurerseits wäre ich sehr dankbar, ich habe keine Lust das ganze System neu aufsetzen zu müssen  Auf der Sparkassenseite wird derzeit vor genau diesem Trojaner gewarnt. Anbei der Bericht von FRST: FRST.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by BUN (administrator) on BUN (11-12-2015 18:31:32)
Running from C:\Users\BUN\Downloads
Loaded Profiles: BUN (Available Profiles: BUN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Beepa P/L) C:\Program Files\Fraps\fraps.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(SparkLabs) C:\Program Files\Viscosity\Viscosity.exe
(Dropbox, Inc.) C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Beepa P/L) C:\Program Files\Fraps\fraps64.dat
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-08-05] (TrueCrypt Foundation)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Viscosity] => C:\Program Files\Viscosity\Viscosity.exe [1434400 2015-09-07] (SparkLabs)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Dropbox Update] => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\MountPoints2: {08f5d1d1-1bba-11e4-9cce-d050991df5b3} - D:\Autorun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{117EA0DF-6107-47CA-8291-AF29CC15F5BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{60B6F006-A789-47D5-BC6A-265DF6BA7D9F}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}: [DhcpNameServer] 46.246.46.46 194.132.32.23
Tcpip\..\Interfaces\{C4CB63A8-1223-4CB1-AD9C-E94D3E936B8B}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000 -> {2277E17C-2BD4-4CD4-81CC-CF6F8CC0A52D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2977046599-1652667645-1297689053-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoogleMapsClassic.src [2014-10-09]
FF Extension: Greasemonkey - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-21]
FF Extension: Youtube MP3 Podcaster - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-12-03]
FF Extension: YouTube™ Flash-HTML5 - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2015-10-26]
FF Extension: uBlock Origin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\uBlock0@raymondhill.net.xpi [2015-11-22]
FF Extension: YouTube Unblocker - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\youtubeunblocker__web@unblocker.yt [2015-12-02]
FF Extension: BugMeNot Plugin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-09-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [83232 2015-09-07] (SparkLabs)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 FirebirdServerMAGIXInstance; J:\Programme\Common\Database\bin\fbserver.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2014-08-23] (AntiCracking) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-09-07] (The OpenVPN Project)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 18:31 - 2015-12-11 18:31 - 00022369 _____ C:\Users\BUN\Downloads\FRST.txt
2015-12-11 18:31 - 2015-12-11 18:31 - 00000000 ____D C:\FRST
2015-12-11 18:30 - 2015-12-11 18:30 - 02369024 _____ (Farbar) C:\Users\BUN\Downloads\FRST64.exe
2015-12-11 11:35 - 2015-12-11 11:35 - 00246154 _____ C:\Users\BUN\AppData\Local\recently-used.xbel
2015-12-11 10:44 - 2015-12-11 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 12:47 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 12:47 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 12:47 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 12:47 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 12:47 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 12:47 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 12:47 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 12:47 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 12:47 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 12:47 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 12:46 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 12:46 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 12:46 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 12:46 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 12:46 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 12:46 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 12:46 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 12:46 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 12:46 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 12:46 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 12:46 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 12:46 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 12:46 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 12:46 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 12:46 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 12:46 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 12:46 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 12:46 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 12:46 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 12:46 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 12:46 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 12:46 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 12:46 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 12:46 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 12:46 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 12:46 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 12:46 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 12:46 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 12:46 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 12:46 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 12:46 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 12:46 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 12:46 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 12:46 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 12:46 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 12:46 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 12:46 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 12:46 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 12:46 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 12:46 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 12:46 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 12:46 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 12:46 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 12:46 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-06 22:25 - 2015-12-06 22:25 - 00000000 _____ C:\Users\BUN\Desktop\19-20 maa kat.txt
2015-12-05 16:00 - 2015-12-05 16:00 - 00001135 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001121 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001046 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk
2015-12-04 19:34 - 2015-12-04 19:34 - 25357772 _____ C:\Users\BUN\Downloads\VCStarterV1.65.1.zip
2015-12-04 18:47 - 2015-12-04 18:47 - 04147600 _____ ($Co_Name Inc.) C:\Users\BUN\Downloads\unifying250.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 18483337 _____ (Wrye Bash development team) C:\Users\BUN\Downloads\Wrye Bash 306 - Installer-1840-306.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2015-12-04 04:14 - 2015-12-04 04:14 - 01668612 _____ C:\Users\BUN\Downloads\obmm 1_1_12 full installer-2097.zip
2015-12-03 21:58 - 2015-12-03 21:58 - 10226263 _____ C:\Users\BUN\Downloads\Patch.v1.01.rar
2015-12-03 21:58 - 2015-12-03 21:58 - 07987371 _____ C:\Users\BUN\Downloads\vietcong_v141.7z
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 16:21 - 2015-12-03 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-30 21:35 - 2015-11-30 21:35 - 00000000 _____ C:\Users\BUN\Desktop\12.12 hannah geb
2015-11-30 02:28 - 2015-11-30 02:28 - 00049133 _____ C:\Users\BUN\Desktop\Rücksendung Nähmaschine fuss fehlt.pdf
2015-11-25 23:39 - 2015-11-25 23:39 - 00000000 _____ C:\Users\BUN\Desktop\28.12 sperrmüll mariola.txt
2015-11-20 20:50 - 2015-11-20 20:51 - 56909694 _____ C:\Users\BUN\Downloads\Waving The Guns - Pflaster.mp4
2015-11-20 19:58 - 2015-11-20 19:59 - 17068918 _____ C:\Users\BUN\Downloads\Spax - Neuseeland.mp4
2015-11-18 00:48 - 2015-11-27 19:26 - 00008022 _____ C:\Users\BUN\.heldEinstellungen4_1.xml
2015-11-18 00:48 - 2015-11-27 19:26 - 00000000 ____D C:\Users\BUN\helden
2015-11-18 00:45 - 2015-11-18 15:02 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-18 00:45 - 2015-11-18 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-16 23:13 - 2015-11-16 23:13 - 11228750 _____ C:\Users\BUN\Downloads\media-540ec999.wav
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI4all
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\Program Files (x86)\MIDI4all
2015-11-16 23:07 - 2015-11-16 23:07 - 93092356 _____ (Webdesign-Forum.de ) C:\Users\BUN\Downloads\setup_1_.exe
2015-11-16 22:55 - 2015-11-16 23:01 - 00001647 _____ C:\Users\BUN\Desktop\test.MID
2015-11-16 22:55 - 2015-11-16 22:55 - 00039832 _____ C:\Users\BUN\Desktop\test.LSO
2015-11-16 22:39 - 2015-11-16 22:39 - 00013668 _____ C:\Windows\Logic Fun.PRF
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Users\BUN\Downloads\LogicFunPC
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emagic
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\emagic
2015-11-16 22:24 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-11-16 22:23 - 2015-11-16 22:23 - 08138153 _____ C:\Users\BUN\Downloads\LogicFunPC.zip
2015-11-16 22:08 - 2015-11-16 22:10 - 00000000 ____D C:\Program Files (x86)\milkytracker-0.90.86-winnt
2015-11-16 22:07 - 2015-11-16 22:07 - 01416674 _____ C:\Users\BUN\Downloads\milkytracker-0.90.86-winnt.zip
2015-11-16 21:59 - 2015-11-16 22:09 - 00003314 _____ C:\Windows\DMUSProd.INI
2015-11-16 21:59 - 2015-11-16 22:01 - 00000000 ____D C:\Users\BUN\Documents\DMUSProducer
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectMusic
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\Program Files (x86)\Microsoft DirectMusic Producer
2015-11-16 21:59 - 1999-02-22 00:00 - 00241672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
2015-11-16 21:59 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-11-16 21:57 - 2015-11-16 21:58 - 10339192 _____ C:\Users\BUN\Downloads\DX81MusicProducer.exe
2015-11-16 17:48 - 2015-11-16 17:48 - 19050975 _____ C:\Users\BUN\Downloads\Sekaiju4.5.zip
2015-11-16 17:48 - 2015-11-16 17:48 - 00000000 ____D C:\Program Files (x86)\Sekaiju4.5
2015-11-16 17:46 - 2015-11-16 17:46 - 00047244 _____ C:\Users\BUN\Downloads\05- Makin´ Whoopee - Gerry Mulligan.mid
2015-11-16 17:41 - 2015-11-16 17:50 - 00000000 ____D C:\Program Files (x86)\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:40 - 2015-11-16 17:40 - 00761380 _____ C:\Users\BUN\Downloads\azmid170.exe
2015-11-15 22:25 - 2015-11-16 02:05 - 00000236 _____ C:\Users\BUN\Desktop\samples.txt
2015-11-12 19:50 - 2015-11-12 19:50 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 15:19 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 15:19 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 15:19 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 15:19 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 15:19 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 15:19 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 15:19 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 15:19 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 15:19 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 15:19 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 15:19 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 15:19 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 15:19 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 15:19 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 15:19 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 15:19 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 15:19 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 15:19 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 15:19 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 15:19 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 15:19 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 15:19 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:19 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 15:19 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 15:19 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 15:18 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 15:18 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 15:18 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 15:18 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 15:18 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 15:18 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 18:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-11 18:17 - 2014-08-03 23:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-11 18:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-11 18:14 - 2014-08-03 23:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 17:22 - 2014-08-05 19:45 - 00696932 _____ C:\Windows\system32\perfh007.dat
2015-12-11 17:22 - 2014-08-05 19:45 - 00148900 _____ C:\Windows\system32\perfc007.dat
2015-12-11 17:22 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 17:18 - 2015-02-07 01:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 17:18 - 2014-10-18 17:54 - 00003152 _____ C:\Windows\System32\Tasks\FRAPS
2015-12-11 17:18 - 2014-10-18 17:53 - 00000000 ____D C:\Program Files\Fraps
2015-12-11 17:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 16:36 - 2014-08-03 23:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-12-11 16:36 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 16:36 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 14:45 - 2014-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-11 13:47 - 2014-09-07 19:02 - 00000000 ____D C:\Users\BUN\.gimp-2.8
2015-12-11 11:35 - 2014-09-07 19:05 - 00000000 ____D C:\Users\BUN\AppData\Local\gtk-2.0
2015-12-11 08:26 - 2014-08-03 23:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-11 00:21 - 2014-08-05 22:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\vlc
2015-12-10 20:48 - 2014-09-15 19:55 - 00000000 ____D C:\Users\BUN\Documents\Rezepte
2015-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 12:17 - 2009-07-14 05:45 - 04858136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 21:08 - 2014-08-04 10:40 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 21:01 - 2014-08-04 10:40 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 12:16 - 2014-08-04 12:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-12-08 23:59 - 2014-11-02 23:21 - 00001208 _____ C:\Windows\scummvm.ini
2015-12-08 23:51 - 2014-08-03 23:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 23:51 - 2014-08-03 23:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 23:51 - 2014-08-03 23:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-06 14:40 - 2014-10-09 15:35 - 00000311 ___RH C:\Windows\ctfile.rfc
2015-12-05 16:01 - 2014-08-06 20:17 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 16:00 - 2014-11-18 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-05 15:55 - 2015-01-27 21:59 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Dropbox
2015-12-04 18:50 - 2015-01-13 23:27 - 00000000 ____D C:\Users\BUN\AppData\Local\Logitech
2015-12-04 18:49 - 2014-08-03 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-12-04 04:21 - 2014-08-16 20:00 - 00000023 _____ C:\Windows\BlendSettings.ini
2015-12-03 21:31 - 2015-02-07 01:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 21:31 - 2015-02-07 01:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 21:31 - 2015-02-07 01:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 17:39 - 2014-11-06 16:56 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Skype
2015-12-02 13:18 - 2014-08-03 23:13 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-27 19:27 - 2014-11-18 12:38 - 00000000 ____D C:\Users\BUN\Documents\dsa
2015-11-27 19:16 - 2015-02-11 02:02 - 00000417 _____ C:\Users\BUN\.dsa4.properties
2015-11-27 19:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-26 11:26 - 2014-08-04 11:08 - 00000000 ____D C:\Users\BUN\AppData\Roaming\DAEMON Tools Lite
2015-11-25 19:29 - 2015-06-16 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 22:02 - 2014-08-28 20:31 - 00000034 _____ C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2015-11-23 13:30 - 2015-01-15 21:46 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Media Player Classic
2015-11-18 00:48 - 2014-08-03 21:19 - 00000000 ____D C:\Users\BUN
2015-11-18 00:47 - 2015-02-11 03:09 - 00085037 _____ C:\Users\BUN\helden.xml
2015-11-18 00:47 - 2015-02-11 02:02 - 00003708 _____ C:\Users\BUN\.heldEinstellungen.xml
2015-11-16 22:34 - 2014-08-03 23:15 - 00067840 _____ C:\Users\BUN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-16 22:24 - 2009-07-14 03:34 - 00000455 _____ C:\Windows\win.ini
2015-11-13 15:01 - 2009-07-14 08:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 17:47 - 2014-08-03 23:18 - 01590136 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 17:46 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2014-08-28 20:31 - 2015-11-24 22:02 - 0000034 _____ () C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2014-10-17 12:46 - 2014-12-26 19:47 - 0000803 _____ () C:\Users\BUN\AppData\Roaming\gnuplot_history
2015-02-01 23:44 - 2015-02-01 23:44 - 0000331 ____H () C:\Users\BUN\AppData\Local\CacheConfig.dat
2015-12-11 11:35 - 2015-12-11 11:35 - 0246154 _____ () C:\Users\BUN\AppData\Local\recently-used.xbel
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
Some files in TEMP:
====================
C:\Users\BUN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij6bwb.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 15:36
==================== End of FRST.txt ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by BUN (2015-12-11 18:32:34)
Running from C:\Users\BUN\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-03 20:18:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2977046599-1652667645-1297689053-500 - Administrator - Disabled)
BUN (S-1-5-21-2977046599-1652667645-1297689053-1000 - Administrator - Enabled) => C:\Users\BUN
Guest (S-1-5-21-2977046599-1652667645-1297689053-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Anno 1503 GOLD (HKLM-x32\...\Anno 1503 GOLD_is1) (Version: - GamersGate)
Armagetron Advanced 0.2.8.3.2 (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.3.2 - Armagetron Advanced Team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Broken Sword - The Shadow of the Templars (HKLM-x32\...\Broken Sword - The Shadow of the Templars_is1) (Version: - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fahrenheit (Indigo Prophecy) (HKLM-x32\...\GOGPACKFAHRENHEIT_is1) (Version: 2.0.0.7 - GOG.com)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Five Nights at Freddy's (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Five Nights at Freddy's) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
gnuplot 4.6.6 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 4.6.6 - gnuplot development team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG)
Gothic Multiplayer (HKLM-x32\...\Gothic Multiplayer) (Version: 0.1.9 - Gothic Multiplayer Team)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto Vice City (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Half-Life 2 (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Half-Life 2) (Version: - )
Heroes of Annihilated Empires (HKLM-x32\...\Heroes of Annihilated Empires_is1) (Version: - GSC Game World)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logic Fun 4.8 (HKLM-x32\...\Logic Fun 4.8) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft DirectMusic Producer (HKLM-x32\...\DirectMusic Producer) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIDI4all (HKLM-x32\...\{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1) (Version: MIDI4all 1.5 - Webdesign-Forum.de)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need For Speed Underground (v 1.1001.0) version 1.1001.0 (HKLM-x32\...\Need For Speed Underground (v 1.1001.0)_is1) (Version: 1.1001.0 - Black Plague)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Outland ENG 1.00 (HKLM-x32\...\Outland ENG 1.00) (Version: 1.00 - Èãðû íà Cat-A-Cat.NET)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM-x32\...\{8B0A956F-9BE6-495B-AF80-7B5B42061D79}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project Nomads (HKLM-x32\...\Project Nomads) (Version: - )
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Satti's Texturpatch 1.5 (HKLM-x32\...\Sattis_Texturpatch) (Version: - )
Schein version 1.0.7 (HKLM-x32\...\{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1) (Version: 1.0.7 - Zeppelin Studio)
Sins of a Solar Empire Trinity (HKLM-x32\...\Sins of a Solar Empire Trinity_is1) (Version: - Stardock Entertainment)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Stream What You Hear (SWYH) Version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
The Forest v0.05 (HKLM-x32\...\The Forest v0.050.05) (Version: 0.05 - Friends in War)
ThielHater's Texturepatch v1.0.2 (HKLM-x32\...\ThielHater's Texturepatch_is1) (Version: 1.0 - ThielHater © 2007-2009)
Tropico (HKLM-x32\...\{818FB39B-1A57-4F1B-A54D-391C33D6C586}) (Version: - )
Tropico: Paradise Island (HKLM-x32\...\{2BAE6A53-E241-11D5-873A-0050DABC2539}) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Viscosity 1.5.10 (1385) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.5.10.1385 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Worms: Armageddon version 3.6.31 + NoCD (HKLM-x32\...\{B62B5438-6DDA-49D6-B9CF-0BDC428116D8}_is1) (Version: 3.6.31 + NoCD - Anonymous)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
XnView 2.31 (HKLM-x32\...\XnView_is1) (Version: 2.31 - Gougelet Pierre-e)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-12 21:08 - 00002046 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03AB49A5-CC1F-4044-AF72-91F3E69A8FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {16C1E1F5-F59B-4E1C-8CA2-FBB7FB12C859} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {18D48FFE-AE2F-4642-BB8F-CF15C47F81D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {1EC69B59-7666-4A24-AF6C-637CE27473C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {355CFB12-189B-493A-ADB5-9B96C9D74F01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {4CB05B81-66DC-417A-871C-8CECCCCF3CED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6D5B4D38-B347-477E-B301-F51657FB517D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-27] (AVAST Software)
Task: {730E85AC-B028-4795-BB3D-6FE5291F5051} - System32\Tasks\FRAPS => C:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {7E35BD39-3E00-4443-B3FA-F04EF93AF19C} - System32\Tasks\AdobeAAMUpdater-1.0-BUN-BUN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AFBF4D9E-87F2-4624-98B9-A3F9FBC369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {ECCA614C-87DE-40E3-88BA-DD2934C9A974} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {EF1B2409-F863-40D6-99DC-6FDA1720BE68} - System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => pcalua.exe -a D:\DirectX81\dxsetup.exe -d D:\DirectX81
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-09 15:36 - 2009-11-30 18:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-09 15:36 - 2009-12-08 15:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-17 14:39 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-27 19:23 - 2015-07-27 19:23 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-27 19:23 - 2015-07-27 19:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-11 13:50 - 2015-12-11 13:50 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121100\algo.dll
2015-04-23 12:34 - 2015-04-23 12:34 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-03 16:21 - 2015-12-03 16:21 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-12-03 16:21 - 2015-12-03 16:21 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^BUN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN GUI.lnk => C:\Windows\pss\OpenVPN GUI.lnk.Startup
MSCONFIG\startupreg: ACSW17DE => "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Viscosity => C:\Program Files\Viscosity\Viscosity.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4327D6D5-A0F2-410D-8092-0B32E2349286}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6E43EBFD-2560-4FEF-A575-C172FEFD0FAC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C2E665DF-38FD-41E4-BD98-CEB3F55A99B6}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{25417818-D42D-4AB6-81B1-2078D02AB5FA}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{078CD343-B791-4933-B62D-BF2ABEC304B3}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{619C0ABF-F05E-44B7-AAE2-6B2BFB039F4A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [TCP Query User{52E2E571-C4CC-4A58-9349-BAE17064D706}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [UDP Query User{38E98AB5-A5BD-468E-A07D-48B6A2771D35}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [{22E67D42-71EE-4BDE-9261-281F551E1BD5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E1DBFE8-6B1B-4A79-B719-F1430E5172D4}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [UDP Query User{3F06E140-9AD6-4DB2-BBD3-4B0188A7972B}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [TCP Query User{18D630E8-A374-47FD-83F3-383588B5CBB3}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [UDP Query User{65202322-CCB5-43B3-B4D0-2A6D1767CC3E}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [TCP Query User{537719F0-A846-4346-9A67-C19B7B9FD9F7}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [UDP Query User{75AC2AFB-A714-4403-ACBB-447B4CC671CE}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [{BA15CB80-96D2-41AB-A811-55B932BF5F48}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{4F983578-EF26-4942-8D89-490BF9AEF57F}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{9FEC3CA9-AD7F-41EC-9D0F-4C56FFF6ED6D}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [{9EBCD385-8CC3-4362-B87B-DAF725E28EBF}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{27784A5F-3E3B-43C0-BE2C-6E05190658FB}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [UDP Query User{74FADE77-0C55-4603-A78A-5DCC7E6F0732}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [TCP Query User{DBE7E813-D991-4F5B-A41A-383C60F013F5}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{1F39176F-3A26-409D-A0C5-459FBAB31039}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{39313C56-680C-4C38-B249-0CDF7B5543DE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A3436D77-AB29-439D-8A3F-5DB744675782}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{AB501570-EFCB-44EB-B8D2-51A84C29D8DF}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [UDP Query User{B665B328-90E8-4F22-8974-468701054A43}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [{0C748F88-96D3-4631-A252-5DFAC2CF4265}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{3986A006-7B64-4EB9-82D0-2B7CBA1778EE}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{6597CB7D-5614-43F9-B8CC-1E989F84F28D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F55D85C-969E-4A71-9571-2525BE4D0F6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39B04C3D-B012-4BA9-B249-BF9C052F07FF}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [UDP Query User{99DC6BEF-EBC2-4F02-948D-891EA13CB20F}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [TCP Query User{89D9A7B2-1B2A-4B1B-B25C-124924554789}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{C6DEFDBE-C5FE-4C96-8B2A-803F791791BB}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [TCP Query User{3B31FE70-4F11-4EC0-ADBF-6723B7F7CCDA}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [UDP Query User{B1489B47-8F54-4E87-8D94-11300E95C709}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [{9FDA6E54-35FC-4E44-B4E9-B7357557D800}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E030201E-52A2-4155-BB93-120C274AE149}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DF2FD8E-2CD7-44EA-A926-A1DD6B667C94}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1004B879-BDBA-429F-94EC-36776180B139}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A32517CE-437D-4C91-A1D2-9B26F8B6897B}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [{546D825C-C0DA-4240-96B3-841F31867E16}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF8067F2-79B7-4FE7-9D9E-234D2643086F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9370C4F1-2BAE-486D-B6B5-0BD74FAD06E4}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{13A66C83-22C9-4655-8BBD-C0E55544D488}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{37F18C06-305C-431C-88A3-0FC3EC339B9D}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2C43D41B-DE77-488C-BBFF-F3BC0D77E8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D137316-6008-4188-B6A4-8A19EEFD02F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C31164FF-670C-4421-88F6-A1FD2122674A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [UDP Query User{43EE5955-2A2F-4D90-B876-039C4A95C95A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [TCP Query User{45F4DFD3-47D9-47D0-B7A2-79DEFB02863F}J:\games\vietcong.1.1+no.cd.crack\vietcong.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcong.exe
FirewallRules: [UDP Query User{517E9813-15CA-43E9-8A32-04A8440B0DB5}J:\games\vietcong.1.1+no.cd.crack\vietcong.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcong.exe
FirewallRules: [TCP Query User{761F2BF1-A38E-4F2E-AEB8-1FEBE45155D5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5434C314-0EAA-4BD3-B9C0-C5A8D45A464B}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [TCP Query User{73E8416C-A579-4094-A8ED-846C5FD99BEE}J:\games\vietcong.1.1+no.cd.crack\vietcongoriginal.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcongoriginal.exe
FirewallRules: [UDP Query User{B8C5167E-714B-4AED-A31B-3B8A62E65061}J:\games\vietcong.1.1+no.cd.crack\vietcongoriginal.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcongoriginal.exe
FirewallRules: [TCP Query User{61FC57AA-0E89-413C-A6BA-BD5ABC5CF902}J:\games\vietcong.1.1+no.cd.crack\vietcong+no.cd.crack\vietcong.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcong+no.cd.crack\vietcong.exe
FirewallRules: [UDP Query User{751E6ADA-CE04-41D6-A01D-71EB0A960006}J:\games\vietcong.1.1+no.cd.crack\vietcong+no.cd.crack\vietcong.exe] => (Allow) J:\games\vietcong.1.1+no.cd.crack\vietcong+no.cd.crack\vietcong.exe
FirewallRules: [TCP Query User{EBF03F23-7F9D-417C-9CEB-CB529D40D876}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{905A5DA8-0E46-4A52-A5E4-F2D46928A3D8}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [TCP Query User{2B0E7919-0DAA-43A9-A20F-77BC1A0A7BBD}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [UDP Query User{B953840D-07ED-44F8-85CD-DF6636A0EB81}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [TCP Query User{7BD3957B-7ADF-4616-8403-2D19A8F1C3C9}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [UDP Query User{91E617AF-F8CD-437D-8A55-4F0FE007FBC4}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [TCP Query User{14350D9D-6781-41CB-9D25-EA45044F0350}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [UDP Query User{02EFACF4-1698-48AD-8BFE-051CEAA7DB5A}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [TCP Query User{BF062D11-48F7-49CA-8F0A-DD34762A7BB0}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
FirewallRules: [UDP Query User{30FD45FB-77E7-42F9-9DC3-AC05D87F4176}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
==================== Faulty Device Manager Devices =============
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/11/2015 06:32:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 05:18:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 03:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 02:46:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 02:36:59 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 01:49:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 01:19:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 12:19:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 11:19:15 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 10:19:15 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
System errors:
=============
Error: (12/11/2015 06:32:19 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 05:18:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/11/2015 05:18:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2015 05:18:31 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/11/2015 03:34:00 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 02:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/11/2015 02:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2015 02:46:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/11/2015 02:36:59 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 01:49:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
==================== Memory info ===========================
Processor: AMD Athlon(tm) 5350 APU with Radeon(tm) R3
Percentage of memory in use: 54%
Total physical RAM: 3522.6 MB
Available physical RAM: 1614.09 MB
Total Virtual: 9664.8 MB
Available Virtual: 7535.29 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:11.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4F5F4095)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 58.7 GB) (Disk ID: 55D5A24D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
|
|
11.12.2015, 20:45
| #2 | |
| /// TB-Ausbilder   | infizierte .doc Datei geöffnet - Banking Trojaner? Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zukünftig bitte beachten: Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. Schritt 1
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
|
11.12.2015, 21:25
| #3 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Hallo,
__________________vielen Dank für die Antwort. Anbei die Dateien, diesmal habe ich alle Programme direkt vom Desktop ausgeführt. Vielen Dank für die Hilfe  TDSSKiller hat nichts gefunden. Hier die 2 FRST Dateien und der TDSS Report: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by BUN (administrator) on BUN (11-12-2015 21:04:54)
Running from C:\Users\BUN\Desktop
Loaded Profiles: BUN (Available Profiles: BUN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Beepa P/L) C:\Program Files\Fraps\fraps.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(SparkLabs) C:\Program Files\Viscosity\Viscosity.exe
(Dropbox, Inc.) C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Beepa P/L) C:\Program Files\Fraps\fraps64.dat
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-08-05] (TrueCrypt Foundation)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Viscosity] => C:\Program Files\Viscosity\Viscosity.exe [1434400 2015-09-07] (SparkLabs)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Dropbox Update] => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\MountPoints2: {08f5d1d1-1bba-11e4-9cce-d050991df5b3} - D:\Autorun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{117EA0DF-6107-47CA-8291-AF29CC15F5BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{60B6F006-A789-47D5-BC6A-265DF6BA7D9F}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}: [DhcpNameServer] 46.246.46.46 194.132.32.23
Tcpip\..\Interfaces\{C4CB63A8-1223-4CB1-AD9C-E94D3E936B8B}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000 -> {2277E17C-2BD4-4CD4-81CC-CF6F8CC0A52D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2977046599-1652667645-1297689053-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoogleMapsClassic.src [2014-10-09]
FF Extension: Greasemonkey - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-21]
FF Extension: Youtube MP3 Podcaster - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-12-03]
FF Extension: Lightbeam - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-12-11]
FF Extension: YouTube™ Flash-HTML5 - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2015-10-26]
FF Extension: uBlock Origin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\uBlock0@raymondhill.net.xpi [2015-11-22]
FF Extension: YouTube Unblocker - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\youtubeunblocker__web@unblocker.yt [2015-12-02]
FF Extension: BugMeNot Plugin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-09-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [83232 2015-09-07] (SparkLabs)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 FirebirdServerMAGIXInstance; J:\Programme\Common\Database\bin\fbserver.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2014-08-23] (AntiCracking) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-09-07] (The OpenVPN Project)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 21:02 - 2015-12-11 21:03 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\BUN\Downloads\tdsskiller.exe
2015-12-11 20:29 - 2015-12-11 20:36 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-12-11 20:29 - 2015-12-11 20:29 - 01917528 _____ (Mister Group ) C:\Users\BUN\Downloads\SystemExplorerSetup_700.exe
2015-12-11 20:29 - 2015-12-11 20:29 - 00001090 _____ C:\Users\Public\Desktop\System Explorer.lnk
2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-12-11 18:32 - 2015-12-11 18:33 - 00045832 _____ C:\Users\BUN\Desktop\Addition.txt
2015-12-11 18:31 - 2015-12-11 21:05 - 00022759 _____ C:\Users\BUN\Desktop\FRST.txt
2015-12-11 18:31 - 2015-12-11 21:04 - 00000000 ____D C:\FRST
2015-12-11 18:30 - 2015-12-11 18:30 - 02369024 _____ (Farbar) C:\Users\BUN\Desktop\FRST64.exe
2015-12-11 11:35 - 2015-12-11 11:35 - 00246154 _____ C:\Users\BUN\AppData\Local\recently-used.xbel
2015-12-11 10:44 - 2015-12-11 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 12:47 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 12:47 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 12:47 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 12:47 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 12:47 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 12:47 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 12:47 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 12:47 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 12:47 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 12:47 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 12:46 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 12:46 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 12:46 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 12:46 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 12:46 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 12:46 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 12:46 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 12:46 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 12:46 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 12:46 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 12:46 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 12:46 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 12:46 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 12:46 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 12:46 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 12:46 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 12:46 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 12:46 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 12:46 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 12:46 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 12:46 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 12:46 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 12:46 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 12:46 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 12:46 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 12:46 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 12:46 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 12:46 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 12:46 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 12:46 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 12:46 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 12:46 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 12:46 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 12:46 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 12:46 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 12:46 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 12:46 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 12:46 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 12:46 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 12:46 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 12:46 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 12:46 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 12:46 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 12:46 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-06 22:25 - 2015-12-06 22:25 - 00000000 _____ C:\Users\BUN\Desktop\19-20 maa kat.txt
2015-12-05 16:00 - 2015-12-05 16:00 - 00001135 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001121 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001046 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk
2015-12-04 19:34 - 2015-12-04 19:34 - 25357772 _____ C:\Users\BUN\Downloads\VCStarterV1.65.1.zip
2015-12-04 18:47 - 2015-12-04 18:47 - 04147600 _____ ($Co_Name Inc.) C:\Users\BUN\Downloads\unifying250.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 18483337 _____ (Wrye Bash development team) C:\Users\BUN\Downloads\Wrye Bash 306 - Installer-1840-306.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2015-12-04 04:14 - 2015-12-04 04:14 - 01668612 _____ C:\Users\BUN\Downloads\obmm 1_1_12 full installer-2097.zip
2015-12-03 21:58 - 2015-12-03 21:58 - 10226263 _____ C:\Users\BUN\Downloads\Patch.v1.01.rar
2015-12-03 21:58 - 2015-12-03 21:58 - 07987371 _____ C:\Users\BUN\Downloads\vietcong_v141.7z
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 16:21 - 2015-12-03 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-30 21:35 - 2015-11-30 21:35 - 00000000 _____ C:\Users\BUN\Desktop\12.12 hannah geb
2015-11-30 02:28 - 2015-11-30 02:28 - 00049133 _____ C:\Users\BUN\Desktop\Rücksendung Nähmaschine fuss fehlt.pdf
2015-11-25 23:39 - 2015-11-25 23:39 - 00000000 _____ C:\Users\BUN\Desktop\28.12 sperrmüll mariola.txt
2015-11-20 20:50 - 2015-11-20 20:51 - 56909694 _____ C:\Users\BUN\Downloads\Waving The Guns - Pflaster.mp4
2015-11-20 19:58 - 2015-11-20 19:59 - 17068918 _____ C:\Users\BUN\Downloads\Spax - Neuseeland.mp4
2015-11-18 00:48 - 2015-11-27 19:26 - 00008022 _____ C:\Users\BUN\.heldEinstellungen4_1.xml
2015-11-18 00:48 - 2015-11-27 19:26 - 00000000 ____D C:\Users\BUN\helden
2015-11-18 00:45 - 2015-11-18 15:02 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-18 00:45 - 2015-11-18 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-16 23:13 - 2015-11-16 23:13 - 11228750 _____ C:\Users\BUN\Downloads\media-540ec999.wav
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI4all
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\Program Files (x86)\MIDI4all
2015-11-16 23:07 - 2015-11-16 23:07 - 93092356 _____ (Webdesign-Forum.de ) C:\Users\BUN\Downloads\setup_1_.exe
2015-11-16 22:55 - 2015-11-16 23:01 - 00001647 _____ C:\Users\BUN\Desktop\test.MID
2015-11-16 22:55 - 2015-11-16 22:55 - 00039832 _____ C:\Users\BUN\Desktop\test.LSO
2015-11-16 22:39 - 2015-11-16 22:39 - 00013668 _____ C:\Windows\Logic Fun.PRF
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Users\BUN\Downloads\LogicFunPC
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emagic
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\emagic
2015-11-16 22:24 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-11-16 22:23 - 2015-11-16 22:23 - 08138153 _____ C:\Users\BUN\Downloads\LogicFunPC.zip
2015-11-16 22:08 - 2015-11-16 22:10 - 00000000 ____D C:\Program Files (x86)\milkytracker-0.90.86-winnt
2015-11-16 22:07 - 2015-11-16 22:07 - 01416674 _____ C:\Users\BUN\Downloads\milkytracker-0.90.86-winnt.zip
2015-11-16 21:59 - 2015-11-16 22:09 - 00003314 _____ C:\Windows\DMUSProd.INI
2015-11-16 21:59 - 2015-11-16 22:01 - 00000000 ____D C:\Users\BUN\Documents\DMUSProducer
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectMusic
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\Program Files (x86)\Microsoft DirectMusic Producer
2015-11-16 21:59 - 1999-02-22 00:00 - 00241672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
2015-11-16 21:59 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-11-16 21:57 - 2015-11-16 21:58 - 10339192 _____ C:\Users\BUN\Downloads\DX81MusicProducer.exe
2015-11-16 17:48 - 2015-11-16 17:48 - 19050975 _____ C:\Users\BUN\Downloads\Sekaiju4.5.zip
2015-11-16 17:48 - 2015-11-16 17:48 - 00000000 ____D C:\Program Files (x86)\Sekaiju4.5
2015-11-16 17:46 - 2015-11-16 17:46 - 00047244 _____ C:\Users\BUN\Downloads\05- Makin´ Whoopee - Gerry Mulligan.mid
2015-11-16 17:41 - 2015-11-16 17:50 - 00000000 ____D C:\Program Files (x86)\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:40 - 2015-11-16 17:40 - 00761380 _____ C:\Users\BUN\Downloads\azmid170.exe
2015-11-15 22:25 - 2015-11-16 02:05 - 00000236 _____ C:\Users\BUN\Desktop\samples.txt
2015-11-12 19:50 - 2015-11-12 19:50 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 15:19 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 15:19 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 15:19 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 15:19 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 15:19 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 15:19 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 15:19 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 15:19 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 15:19 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 15:19 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 15:19 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 15:19 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 15:19 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 15:19 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 15:19 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 15:19 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 15:19 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 15:19 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 15:19 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 15:19 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 15:19 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 15:19 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 15:19 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 15:19 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 15:19 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 15:19 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:19 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:19 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 15:19 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 15:19 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 15:18 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 15:18 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 15:18 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 15:18 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 15:18 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 15:18 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 20:51 - 2014-08-03 23:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 20:34 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 20:34 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 18:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-11 18:17 - 2014-08-03 23:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-11 18:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-11 17:22 - 2014-08-05 19:45 - 00696932 _____ C:\Windows\system32\perfh007.dat
2015-12-11 17:22 - 2014-08-05 19:45 - 00148900 _____ C:\Windows\system32\perfc007.dat
2015-12-11 17:22 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 17:18 - 2015-02-07 01:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 17:18 - 2014-10-18 17:54 - 00003152 _____ C:\Windows\System32\Tasks\FRAPS
2015-12-11 17:18 - 2014-10-18 17:53 - 00000000 ____D C:\Program Files\Fraps
2015-12-11 17:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 16:36 - 2014-08-03 23:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-12-11 14:45 - 2014-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-11 13:47 - 2014-09-07 19:02 - 00000000 ____D C:\Users\BUN\.gimp-2.8
2015-12-11 11:35 - 2014-09-07 19:05 - 00000000 ____D C:\Users\BUN\AppData\Local\gtk-2.0
2015-12-11 08:26 - 2014-08-03 23:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-11 00:21 - 2014-08-05 22:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\vlc
2015-12-10 20:48 - 2014-09-15 19:55 - 00000000 ____D C:\Users\BUN\Documents\Rezepte
2015-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 12:17 - 2009-07-14 05:45 - 04858136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 21:08 - 2014-08-04 10:40 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 21:01 - 2014-08-04 10:40 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 12:16 - 2014-08-04 12:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-12-08 23:59 - 2014-11-02 23:21 - 00001208 _____ C:\Windows\scummvm.ini
2015-12-08 23:51 - 2014-08-03 23:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 23:51 - 2014-08-03 23:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 23:51 - 2014-08-03 23:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-06 14:40 - 2014-10-09 15:35 - 00000311 ___RH C:\Windows\ctfile.rfc
2015-12-05 16:01 - 2014-08-06 20:17 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 16:00 - 2014-11-18 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-05 15:55 - 2015-01-27 21:59 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Dropbox
2015-12-04 18:50 - 2015-01-13 23:27 - 00000000 ____D C:\Users\BUN\AppData\Local\Logitech
2015-12-04 18:49 - 2014-08-03 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-12-04 04:21 - 2014-08-16 20:00 - 00000023 _____ C:\Windows\BlendSettings.ini
2015-12-03 21:31 - 2015-02-07 01:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 21:31 - 2015-02-07 01:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 21:31 - 2015-02-07 01:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 17:39 - 2014-11-06 16:56 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Skype
2015-12-02 13:18 - 2014-08-03 23:13 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-27 19:27 - 2014-11-18 12:38 - 00000000 ____D C:\Users\BUN\Documents\dsa
2015-11-27 19:16 - 2015-02-11 02:02 - 00000417 _____ C:\Users\BUN\.dsa4.properties
2015-11-27 19:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-26 11:26 - 2014-08-04 11:08 - 00000000 ____D C:\Users\BUN\AppData\Roaming\DAEMON Tools Lite
2015-11-25 19:29 - 2015-06-16 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 22:02 - 2014-08-28 20:31 - 00000034 _____ C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2015-11-23 13:30 - 2015-01-15 21:46 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Media Player Classic
2015-11-18 00:48 - 2014-08-03 21:19 - 00000000 ____D C:\Users\BUN
2015-11-18 00:47 - 2015-02-11 03:09 - 00085037 _____ C:\Users\BUN\helden.xml
2015-11-18 00:47 - 2015-02-11 02:02 - 00003708 _____ C:\Users\BUN\.heldEinstellungen.xml
2015-11-16 22:34 - 2014-08-03 23:15 - 00067840 _____ C:\Users\BUN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-16 22:24 - 2009-07-14 03:34 - 00000455 _____ C:\Windows\win.ini
2015-11-13 15:01 - 2009-07-14 08:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 17:47 - 2014-08-03 23:18 - 01590136 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 17:46 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2014-08-28 20:31 - 2015-11-24 22:02 - 0000034 _____ () C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2014-10-17 12:46 - 2014-12-26 19:47 - 0000803 _____ () C:\Users\BUN\AppData\Roaming\gnuplot_history
2015-02-01 23:44 - 2015-02-01 23:44 - 0000331 ____H () C:\Users\BUN\AppData\Local\CacheConfig.dat
2015-12-11 11:35 - 2015-12-11 11:35 - 0246154 _____ () C:\Users\BUN\AppData\Local\recently-used.xbel
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
Some files in TEMP:
====================
C:\Users\BUN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij6bwb.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 15:36
==================== End of FRST.txt ============================
--- --- --- [CODE]Additional FRST Logfile: FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by BUN (2015-12-11 21:05:47)
Running from C:\Users\BUN\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-03 20:18:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2977046599-1652667645-1297689053-500 - Administrator - Disabled)
BUN (S-1-5-21-2977046599-1652667645-1297689053-1000 - Administrator - Enabled) => C:\Users\BUN
Guest (S-1-5-21-2977046599-1652667645-1297689053-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Anno 1503 GOLD (HKLM-x32\...\Anno 1503 GOLD_is1) (Version: - GamersGate)
Armagetron Advanced 0.2.8.3.2 (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.3.2 - Armagetron Advanced Team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Broken Sword - The Shadow of the Templars (HKLM-x32\...\Broken Sword - The Shadow of the Templars_is1) (Version: - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fahrenheit (Indigo Prophecy) (HKLM-x32\...\GOGPACKFAHRENHEIT_is1) (Version: 2.0.0.7 - GOG.com)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Five Nights at Freddy's (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Five Nights at Freddy's) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
gnuplot 4.6.6 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 4.6.6 - gnuplot development team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG)
Gothic Multiplayer (HKLM-x32\...\Gothic Multiplayer) (Version: 0.1.9 - Gothic Multiplayer Team)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto Vice City (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Half-Life 2 (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Half-Life 2) (Version: - )
Heroes of Annihilated Empires (HKLM-x32\...\Heroes of Annihilated Empires_is1) (Version: - GSC Game World)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logic Fun 4.8 (HKLM-x32\...\Logic Fun 4.8) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft DirectMusic Producer (HKLM-x32\...\DirectMusic Producer) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIDI4all (HKLM-x32\...\{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1) (Version: MIDI4all 1.5 - Webdesign-Forum.de)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM-x32\...\{8B0A956F-9BE6-495B-AF80-7B5B42061D79}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project Nomads (HKLM-x32\...\Project Nomads) (Version: - )
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Satti's Texturpatch 1.5 (HKLM-x32\...\Sattis_Texturpatch) (Version: - )
Schein version 1.0.7 (HKLM-x32\...\{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1) (Version: 1.0.7 - Zeppelin Studio)
Sins of a Solar Empire Trinity (HKLM-x32\...\Sins of a Solar Empire Trinity_is1) (Version: - Stardock Entertainment)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Stream What You Hear (SWYH) Version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
The Forest v0.05 (HKLM-x32\...\The Forest v0.050.05) (Version: 0.05 - Friends in War)
ThielHater's Texturepatch v1.0.2 (HKLM-x32\...\ThielHater's Texturepatch_is1) (Version: 1.0 - ThielHater © 2007-2009)
Tropico (HKLM-x32\...\{818FB39B-1A57-4F1B-A54D-391C33D6C586}) (Version: - )
Tropico: Paradise Island (HKLM-x32\...\{2BAE6A53-E241-11D5-873A-0050DABC2539}) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Viscosity 1.5.10 (1385) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.5.10.1385 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
XnView 2.31 (HKLM-x32\...\XnView_is1) (Version: 2.31 - Gougelet Pierre-e)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-12 21:08 - 00002046 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03AB49A5-CC1F-4044-AF72-91F3E69A8FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {16C1E1F5-F59B-4E1C-8CA2-FBB7FB12C859} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {18D48FFE-AE2F-4642-BB8F-CF15C47F81D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {1EC69B59-7666-4A24-AF6C-637CE27473C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {355CFB12-189B-493A-ADB5-9B96C9D74F01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {4CB05B81-66DC-417A-871C-8CECCCCF3CED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6D5B4D38-B347-477E-B301-F51657FB517D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-27] (AVAST Software)
Task: {730E85AC-B028-4795-BB3D-6FE5291F5051} - System32\Tasks\FRAPS => C:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {7E35BD39-3E00-4443-B3FA-F04EF93AF19C} - System32\Tasks\AdobeAAMUpdater-1.0-BUN-BUN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AFBF4D9E-87F2-4624-98B9-A3F9FBC369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {ECCA614C-87DE-40E3-88BA-DD2934C9A974} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {EF1B2409-F863-40D6-99DC-6FDA1720BE68} - System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => pcalua.exe -a D:\DirectX81\dxsetup.exe -d D:\DirectX81
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-09 15:36 - 2009-11-30 18:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-09 15:36 - 2009-12-08 15:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-17 14:39 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-27 19:23 - 2015-07-27 19:23 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-27 19:23 - 2015-07-27 19:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-11 13:50 - 2015-12-11 13:50 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121100\algo.dll
2015-04-23 12:34 - 2015-04-23 12:34 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^BUN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN GUI.lnk => C:\Windows\pss\OpenVPN GUI.lnk.Startup
MSCONFIG\startupreg: ACSW17DE => "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Viscosity => C:\Program Files\Viscosity\Viscosity.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4327D6D5-A0F2-410D-8092-0B32E2349286}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6E43EBFD-2560-4FEF-A575-C172FEFD0FAC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C2E665DF-38FD-41E4-BD98-CEB3F55A99B6}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{619C0ABF-F05E-44B7-AAE2-6B2BFB039F4A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [TCP Query User{52E2E571-C4CC-4A58-9349-BAE17064D706}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [UDP Query User{38E98AB5-A5BD-468E-A07D-48B6A2771D35}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [{22E67D42-71EE-4BDE-9261-281F551E1BD5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E1DBFE8-6B1B-4A79-B719-F1430E5172D4}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [UDP Query User{3F06E140-9AD6-4DB2-BBD3-4B0188A7972B}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [TCP Query User{18D630E8-A374-47FD-83F3-383588B5CBB3}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [UDP Query User{65202322-CCB5-43B3-B4D0-2A6D1767CC3E}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [TCP Query User{537719F0-A846-4346-9A67-C19B7B9FD9F7}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [UDP Query User{75AC2AFB-A714-4403-ACBB-447B4CC671CE}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [{BA15CB80-96D2-41AB-A811-55B932BF5F48}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{4F983578-EF26-4942-8D89-490BF9AEF57F}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{9FEC3CA9-AD7F-41EC-9D0F-4C56FFF6ED6D}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [{9EBCD385-8CC3-4362-B87B-DAF725E28EBF}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{27784A5F-3E3B-43C0-BE2C-6E05190658FB}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [UDP Query User{74FADE77-0C55-4603-A78A-5DCC7E6F0732}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [TCP Query User{DBE7E813-D991-4F5B-A41A-383C60F013F5}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{1F39176F-3A26-409D-A0C5-459FBAB31039}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{39313C56-680C-4C38-B249-0CDF7B5543DE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A3436D77-AB29-439D-8A3F-5DB744675782}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{AB501570-EFCB-44EB-B8D2-51A84C29D8DF}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [UDP Query User{B665B328-90E8-4F22-8974-468701054A43}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [{0C748F88-96D3-4631-A252-5DFAC2CF4265}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{3986A006-7B64-4EB9-82D0-2B7CBA1778EE}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{6597CB7D-5614-43F9-B8CC-1E989F84F28D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F55D85C-969E-4A71-9571-2525BE4D0F6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39B04C3D-B012-4BA9-B249-BF9C052F07FF}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [UDP Query User{99DC6BEF-EBC2-4F02-948D-891EA13CB20F}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [TCP Query User{89D9A7B2-1B2A-4B1B-B25C-124924554789}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{C6DEFDBE-C5FE-4C96-8B2A-803F791791BB}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [TCP Query User{3B31FE70-4F11-4EC0-ADBF-6723B7F7CCDA}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [UDP Query User{B1489B47-8F54-4E87-8D94-11300E95C709}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [{9FDA6E54-35FC-4E44-B4E9-B7357557D800}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E030201E-52A2-4155-BB93-120C274AE149}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DF2FD8E-2CD7-44EA-A926-A1DD6B667C94}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1004B879-BDBA-429F-94EC-36776180B139}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A32517CE-437D-4C91-A1D2-9B26F8B6897B}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [{546D825C-C0DA-4240-96B3-841F31867E16}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF8067F2-79B7-4FE7-9D9E-234D2643086F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9370C4F1-2BAE-486D-B6B5-0BD74FAD06E4}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{13A66C83-22C9-4655-8BBD-C0E55544D488}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{37F18C06-305C-431C-88A3-0FC3EC339B9D}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2C43D41B-DE77-488C-BBFF-F3BC0D77E8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D137316-6008-4188-B6A4-8A19EEFD02F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C31164FF-670C-4421-88F6-A1FD2122674A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [UDP Query User{43EE5955-2A2F-4D90-B876-039C4A95C95A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [TCP Query User{761F2BF1-A38E-4F2E-AEB8-1FEBE45155D5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5434C314-0EAA-4BD3-B9C0-C5A8D45A464B}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [TCP Query User{EBF03F23-7F9D-417C-9CEB-CB529D40D876}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{905A5DA8-0E46-4A52-A5E4-F2D46928A3D8}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [TCP Query User{2B0E7919-0DAA-43A9-A20F-77BC1A0A7BBD}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [UDP Query User{B953840D-07ED-44F8-85CD-DF6636A0EB81}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [TCP Query User{7BD3957B-7ADF-4616-8403-2D19A8F1C3C9}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [UDP Query User{91E617AF-F8CD-437D-8A55-4F0FE007FBC4}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [TCP Query User{14350D9D-6781-41CB-9D25-EA45044F0350}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [UDP Query User{02EFACF4-1698-48AD-8BFE-051CEAA7DB5A}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [TCP Query User{BF062D11-48F7-49CA-8F0A-DD34762A7BB0}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
FirewallRules: [UDP Query User{30FD45FB-77E7-42F9-9DC3-AC05D87F4176}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
==================== Faulty Device Manager Devices =============
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/11/2015 08:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 07:32:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 06:32:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 05:18:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 03:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 02:46:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 02:36:59 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 01:49:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 01:19:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/11/2015 12:19:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
System errors:
=============
Error: (12/11/2015 06:32:19 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 05:18:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/11/2015 05:18:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2015 05:18:31 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/11/2015 03:34:00 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 02:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/11/2015 02:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2015 02:46:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/11/2015 02:36:59 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/11/2015 01:49:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
==================== Memory info ===========================
Processor: AMD Athlon(tm) 5350 APU with Radeon(tm) R3
Percentage of memory in use: 61%
Total physical RAM: 3522.6 MB
Available physical RAM: 1358.05 MB
Total Virtual: 9664.8 MB
Available Virtual: 7176.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:10.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4F5F4095)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 58.7 GB) (Disk ID: 55D5A24D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
--- --- --- |
|
11.12.2015, 21:26
| #4 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Hier der TDSS Bericht, hat nichtmehr in die eine Nachricht gepasst: Code:
ATTFilter 21:17:12.0318 0x119c TDSS rootkit removing tool 3.1.0.8 Dec 5 2015 01:19:03
21:17:19.0024 0x119c ============================================================
21:17:19.0024 0x119c Current date / time: 2015/12/11 21:17:19.0024
21:17:19.0024 0x119c SystemInfo:
21:17:19.0024 0x119c
21:17:19.0024 0x119c OS Version: 6.1.7601 ServicePack: 1.0
21:17:19.0024 0x119c Product type: Workstation
21:17:19.0025 0x119c ComputerName: BUN
21:17:19.0025 0x119c UserName: BUN
21:17:19.0025 0x119c Windows directory: C:\Windows
21:17:19.0025 0x119c System windows directory: C:\Windows
21:17:19.0025 0x119c Running under WOW64
21:17:19.0025 0x119c Processor architecture: Intel x64
21:17:19.0025 0x119c Number of processors: 4
21:17:19.0025 0x119c Page size: 0x1000
21:17:19.0025 0x119c Boot type: Normal boot
21:17:19.0025 0x119c ============================================================
21:17:19.0401 0x119c KLMD registered as C:\Windows\system32\drivers\01810098.sys
21:17:19.0621 0x119c System UUID: {033AF5C6-282C-1AC8-064D-45F6C425BAB7}
21:17:20.0721 0x119c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:17:20.0722 0x119c Drive \Device\Harddisk1\DR1 - Size: 0xEAC77A000 ( 58.69 Gb ), SectorSize: 0x200, Cylinders: 0x1DEE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:17:20.0741 0x119c ============================================================
21:17:20.0741 0x119c \Device\Harddisk0\DR0:
21:17:20.0741 0x119c MBR partitions:
21:17:20.0741 0x119c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0x74705800
21:17:20.0741 0x119c \Device\Harddisk1\DR1:
21:17:20.0742 0x119c MBR partitions:
21:17:20.0742 0x119c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:17:20.0742 0x119c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7530800
21:17:20.0742 0x119c ============================================================
21:17:20.0744 0x119c C: <-> \Device\Harddisk1\DR1\Partition2
21:17:20.0745 0x119c ============================================================
21:17:20.0745 0x119c Initialize success
21:17:20.0745 0x119c ============================================================
21:18:15.0776 0x08d4 ============================================================
21:18:15.0776 0x08d4 Scan started
21:18:15.0776 0x08d4 Mode: Manual; SigCheck; TDLFS;
21:18:15.0776 0x08d4 ============================================================
21:18:15.0776 0x08d4 KSN ping started
21:18:29.0422 0x08d4 KSN ping finished: true
21:18:29.0752 0x08d4 ================ Scan system memory ========================
21:18:29.0752 0x08d4 System memory - ok
21:18:29.0755 0x08d4 ================ Scan services =============================
21:18:29.0855 0x08d4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:18:29.0983 0x08d4 1394ohci - ok
21:18:30.0012 0x08d4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:18:30.0046 0x08d4 ACPI - ok
21:18:30.0055 0x08d4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:18:30.0087 0x08d4 AcpiPmi - ok
21:18:30.0100 0x08d4 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:18:30.0124 0x08d4 AdobeARMservice - ok
21:18:30.0181 0x08d4 [ F54564025D2284AE498E51D7C139F971, AAA48F38B81DB894854E8C84DB2E1F5C8447AA982D27C0BB78FF2786D9F80F83 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:18:30.0210 0x08d4 AdobeFlashPlayerUpdateSvc - ok
21:18:30.0234 0x08d4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:18:30.0273 0x08d4 adp94xx - ok
21:18:30.0292 0x08d4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:18:30.0325 0x08d4 adpahci - ok
21:18:30.0340 0x08d4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:18:30.0366 0x08d4 adpu320 - ok
21:18:30.0381 0x08d4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:18:30.0445 0x08d4 AeLookupSvc - ok
21:18:30.0469 0x08d4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
21:18:30.0514 0x08d4 AFD - ok
21:18:30.0528 0x08d4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
21:18:30.0551 0x08d4 agp440 - ok
21:18:30.0563 0x08d4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
21:18:30.0596 0x08d4 ALG - ok
21:18:30.0605 0x08d4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
21:18:30.0629 0x08d4 aliide - ok
21:18:30.0645 0x08d4 [ E7BDC2E7D885A65031C6B93D5A80B019, B37B05CA81A200A0C303946A21901ED382468761AB8BB8F7F310700A060E813F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:18:30.0691 0x08d4 AMD External Events Utility - ok
21:18:30.0701 0x08d4 AMD FUEL Service - ok
21:18:30.0716 0x08d4 [ 05120427227F6F088ECA75942ED7ACA9, BD25436EB43C6718F5E6A4C3C24831189D3A893DC87AA0ADED993B7C3126F2E9 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
21:18:30.0740 0x08d4 amdhub30 - ok
21:18:30.0751 0x08d4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
21:18:30.0774 0x08d4 amdide - ok
21:18:30.0787 0x08d4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:18:30.0814 0x08d4 AmdK8 - ok
21:18:31.0281 0x08d4 [ 342156AF1FED5ED3A5D3FBB3D87F48E8, 119C85492EDCA82731E23A261DE39A72783713B01B89D8FA2F47400EB03C7C57 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:18:31.0864 0x08d4 amdkmdag - ok
21:18:31.0930 0x08d4 [ 9DCA2AFEABF1D109FB2C229491C9F293, F020F4FDD29897C656287A2D01D51B4AE45AA604E4291BCE05FB7D994242EC04 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:18:31.0982 0x08d4 amdkmdap - ok
21:18:31.0993 0x08d4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:18:32.0023 0x08d4 AmdPPM - ok
21:18:32.0035 0x08d4 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:18:32.0060 0x08d4 amdsata - ok
21:18:32.0075 0x08d4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:18:32.0102 0x08d4 amdsbs - ok
21:18:32.0112 0x08d4 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:18:32.0133 0x08d4 amdxata - ok
21:18:32.0148 0x08d4 [ 7DCA2C59491D420947A0B529DB37C7CF, 4673DD141F02801A61FF057BE9DA7FD214C1F9ED31BCB035A8C4E44C579799E4 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
21:18:32.0174 0x08d4 amdxhc - ok
21:18:32.0185 0x08d4 [ 033D09CD953C40B4AFBA9DCB1D1DFB8E, 629BE54E64C8B3FFE9F52820F6BF2802D50F719F63A621C998865FFD61C9F84E ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
21:18:32.0212 0x08d4 amd_sata - ok
21:18:32.0221 0x08d4 [ F32F762E54137925E185E5FDA5F73826, A9CC747C0886628F8A5145FBE09FFCA6B5E4EFC0F4457E4824E004A329DFC765 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
21:18:32.0241 0x08d4 amd_xata - ok
21:18:32.0251 0x08d4 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
21:18:32.0275 0x08d4 AppID - ok
21:18:32.0284 0x08d4 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:18:32.0310 0x08d4 AppIDSvc - ok
21:18:32.0320 0x08d4 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
21:18:32.0348 0x08d4 Appinfo - ok
21:18:32.0362 0x08d4 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
21:18:32.0394 0x08d4 AppMgmt - ok
21:18:32.0410 0x08d4 [ A3C7FC7D3FD8B9FA5FD4B8AF903363D3, 2CCB9380839C4E4AD305F61F13CD5A6B2699C85C8338446AE1F88A0B9048FA04 ] APXACC C:\Windows\system32\DRIVERS\appexDrv.sys
21:18:32.0437 0x08d4 APXACC - ok
21:18:32.0448 0x08d4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:18:32.0471 0x08d4 arc - ok
21:18:32.0482 0x08d4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:18:32.0506 0x08d4 arcsas - ok
21:18:32.0515 0x08d4 [ 72B060669EB8A3D1EF1D1B6BE6BE4C28, 7BE40C9B971A671DE1D9D90F0ADB0E32877E068818B64B93530C6279D1AFDDE8 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
21:18:32.0543 0x08d4 asahci64 - ok
21:18:32.0557 0x08d4 [ 10920CCB66203D7EF48F024B1B35AE6F, 3C97FE6C91076C059E54234F54021F5D74FB42638BE14E2C1E4CF2EFC342C274 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
21:18:32.0582 0x08d4 asmthub3 - ok
21:18:32.0604 0x08d4 [ C479BFAF73CF726E01AA0A487B268A5E, D49F7779CD25E098EC9DAF1886C3B3DB8EB22CEC0FEA6FDF4522A2B2D282AE37 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
21:18:32.0638 0x08d4 asmtxhci - ok
21:18:32.0668 0x08d4 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:18:32.0695 0x08d4 aspnet_state - ok
21:18:32.0704 0x08d4 [ 30F92A4B666E1E53C418B2D3024FDF6E, 164639CD210201FFEE76E7F63A9484419BF396EA416AAACDECFC501349A790AB ] AsrVDrive C:\Windows\system32\DRIVERS\AsrVDrive.sys
21:18:32.0723 0x08d4 AsrVDrive - ok
21:18:32.0731 0x08d4 [ 25863B5A3AC02DD35063D77C1F1415FF, F3F61F83CCF78F2FB3CD3DC66C28C1BE4D6D6F3C7440B6E5F7EEAC3739DB80DD ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
21:18:32.0754 0x08d4 aswHwid - ok
21:18:32.0764 0x08d4 [ 2894AC8C6159201940C8CD5B33CC5203, 4717301395100BD71B49451109AA29A58F702AF1E24C816CE5CC4320B6F3CA67 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:18:32.0788 0x08d4 aswMonFlt - ok
21:18:32.0799 0x08d4 [ C384DC3DDF65F3E011DFBDFDB500F89A, 0B15E09AE0DA51000B2AAF5DE6C5BBD7EBE4EB1DACB680A159AD9369CDA6D7D1 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
21:18:32.0823 0x08d4 aswRdr - ok
21:18:32.0837 0x08d4 [ 7F5ADFD9CA8EF06D020273B81BFFD731, 04A47F26DA3E507D9C984D7C737EC29B04AA88F68222FB4538BEA80D4D07D7FB ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
21:18:32.0860 0x08d4 aswRvrt - ok
21:18:32.0906 0x08d4 [ D8AED327929029227447ADA450AA3AE8, B4164430915B3FF58C479CDAC28A87436F8C203D492266C2D96C2872ECD6EE94 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:18:32.0965 0x08d4 aswSnx - ok
21:18:32.0989 0x08d4 [ D96A7EE9F5E25A7941F2A2A2BED46339, 7619A7052C33CA47A847ABAE22CD2C6E9EB102B64D212597B926D21C8A038264 ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:18:33.0025 0x08d4 aswSP - ok
21:18:33.0039 0x08d4 [ 82F2525A22A380AA977428490AA849E3, 457F3D58B23BB61ED1BFA84B4CB2E12EE54C4BA7F9286F952E6632477EE9B548 ] aswStm C:\Windows\system32\drivers\aswStm.sys
21:18:33.0063 0x08d4 aswStm - ok
21:18:33.0081 0x08d4 [ 2F3F0B08EBF741FE22745BECC794CE34, 969C12129C9C9981BF20656057C05290E050B410E4ECF8405C020F9A23728099 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
21:18:33.0112 0x08d4 aswVmm - ok
21:18:33.0121 0x08d4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:18:33.0179 0x08d4 AsyncMac - ok
21:18:33.0190 0x08d4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
21:18:33.0210 0x08d4 atapi - ok
21:18:33.0225 0x08d4 [ C22D4905DDDF73EB0349D3B0604234A2, F86220290663FA95F3D8181D41F9D105634A62D50856BCEB174B9675F8DD7669 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:18:33.0251 0x08d4 AtiHDAudioService - ok
21:18:33.0281 0x08d4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:18:33.0332 0x08d4 AudioEndpointBuilder - ok
21:18:33.0362 0x08d4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:18:33.0413 0x08d4 AudioSrv - ok
21:18:33.0430 0x08d4 [ A97E144E84A665B22AE6E6A93E4DD465, 888D702B9B9E6C446AD7499571DAEAB072BEF141FF3300E74C6E538FA312BDCD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:18:33.0455 0x08d4 avast! Antivirus - ok
21:18:33.0461 0x08d4 AvastVBoxSvc - ok
21:18:33.0476 0x08d4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:18:33.0513 0x08d4 AxInstSV - ok
21:18:33.0538 0x08d4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:18:33.0578 0x08d4 b06bdrv - ok
21:18:33.0598 0x08d4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:18:33.0630 0x08d4 b57nd60a - ok
21:18:33.0646 0x08d4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:18:33.0675 0x08d4 BDESVC - ok
21:18:33.0684 0x08d4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:18:33.0743 0x08d4 Beep - ok
21:18:33.0774 0x08d4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:18:33.0824 0x08d4 BFE - ok
21:18:33.0864 0x08d4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
21:18:33.0959 0x08d4 BITS - ok
21:18:33.0970 0x08d4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:18:33.0995 0x08d4 blbdrive - ok
21:18:34.0007 0x08d4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:18:34.0032 0x08d4 bowser - ok
21:18:34.0040 0x08d4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:18:34.0070 0x08d4 BrFiltLo - ok
21:18:34.0078 0x08d4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:18:34.0108 0x08d4 BrFiltUp - ok
21:18:34.0120 0x08d4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:18:34.0150 0x08d4 Browser - ok
21:18:34.0168 0x08d4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:18:34.0203 0x08d4 Brserid - ok
21:18:34.0213 0x08d4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:18:34.0245 0x08d4 BrSerWdm - ok
21:18:34.0252 0x08d4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:18:34.0280 0x08d4 BrUsbMdm - ok
21:18:34.0288 0x08d4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:18:34.0313 0x08d4 BrUsbSer - ok
21:18:34.0323 0x08d4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:18:34.0355 0x08d4 BTHMODEM - ok
21:18:34.0368 0x08d4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:18:34.0428 0x08d4 bthserv - ok
21:18:34.0439 0x08d4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:18:34.0499 0x08d4 cdfs - ok
21:18:34.0511 0x08d4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:18:34.0541 0x08d4 cdrom - ok
21:18:34.0552 0x08d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:18:34.0611 0x08d4 CertPropSvc - ok
21:18:34.0620 0x08d4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:18:34.0650 0x08d4 circlass - ok
21:18:34.0669 0x08d4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
21:18:34.0705 0x08d4 CLFS - ok
21:18:34.0718 0x08d4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:18:34.0744 0x08d4 clr_optimization_v2.0.50727_32 - ok
21:18:34.0757 0x08d4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:18:34.0780 0x08d4 clr_optimization_v2.0.50727_64 - ok
21:18:34.0803 0x08d4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:18:34.0832 0x08d4 clr_optimization_v4.0.30319_32 - ok
21:18:34.0843 0x08d4 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:18:34.0872 0x08d4 clr_optimization_v4.0.30319_64 - ok
21:18:34.0880 0x08d4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:18:34.0905 0x08d4 CmBatt - ok
21:18:34.0913 0x08d4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:18:34.0936 0x08d4 cmdide - ok
21:18:34.0959 0x08d4 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys
21:18:35.0010 0x08d4 CNG - ok
21:18:35.0020 0x08d4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:18:35.0040 0x08d4 Compbatt - ok
21:18:35.0049 0x08d4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:18:35.0078 0x08d4 CompositeBus - ok
21:18:35.0087 0x08d4 COMSysApp - ok
21:18:35.0098 0x08d4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:18:35.0119 0x08d4 crcdisk - ok
21:18:35.0130 0x08d4 [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
21:18:35.0142 0x08d4 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
21:18:37.0971 0x08d4 Detect skipped due to KSN trusted
21:18:37.0971 0x08d4 Creative ALchemy AL6 Licensing Service - ok
21:18:37.0990 0x08d4 [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
21:18:38.0014 0x08d4 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
21:18:40.0674 0x08d4 Detect skipped due to KSN trusted
21:18:40.0676 0x08d4 Creative Audio Engine Licensing Service - ok
21:18:40.0704 0x08d4 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:18:40.0740 0x08d4 CryptSvc - ok
21:18:40.0765 0x08d4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
21:18:40.0807 0x08d4 CSC - ok
21:18:40.0839 0x08d4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
21:18:40.0888 0x08d4 CscService - ok
21:18:40.0906 0x08d4 [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
21:18:40.0927 0x08d4 CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
21:18:43.0840 0x08d4 Detect skipped due to KSN trusted
21:18:43.0840 0x08d4 CTAudSvcService - ok
21:18:43.0886 0x08d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:18:43.0977 0x08d4 DcomLaunch - ok
21:18:43.0995 0x08d4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:18:44.0065 0x08d4 defragsvc - ok
21:18:44.0078 0x08d4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:18:44.0136 0x08d4 DfsC - ok
21:18:44.0143 0x08d4 dgderdrv - ok
21:18:44.0157 0x08d4 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
21:18:44.0180 0x08d4 dg_ssudbus - ok
21:18:44.0198 0x08d4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:18:44.0266 0x08d4 Dhcp - ok
21:18:44.0276 0x08d4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:18:44.0334 0x08d4 discache - ok
21:18:44.0344 0x08d4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:18:44.0366 0x08d4 Disk - ok
21:18:44.0380 0x08d4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:18:44.0413 0x08d4 Dnscache - ok
21:18:44.0429 0x08d4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:18:44.0495 0x08d4 dot3svc - ok
21:18:44.0508 0x08d4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:18:44.0573 0x08d4 DPS - ok
21:18:44.0581 0x08d4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:18:44.0604 0x08d4 drmkaud - ok
21:18:44.0620 0x08d4 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:18:44.0649 0x08d4 dtsoftbus01 - ok
21:18:44.0689 0x08d4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:18:44.0744 0x08d4 DXGKrnl - ok
21:18:44.0757 0x08d4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:18:44.0819 0x08d4 EapHost - ok
21:18:44.0929 0x08d4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:18:45.0069 0x08d4 ebdrv - ok
21:18:45.0085 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe
21:18:45.0113 0x08d4 EFS - ok
21:18:45.0144 0x08d4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:18:45.0193 0x08d4 ehRecvr - ok
21:18:45.0205 0x08d4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:18:45.0234 0x08d4 ehSched - ok
21:18:45.0258 0x08d4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:18:45.0298 0x08d4 elxstor - ok
21:18:45.0307 0x08d4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:18:45.0330 0x08d4 ErrDev - ok
21:18:45.0359 0x08d4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:18:45.0434 0x08d4 EventSystem - ok
21:18:45.0449 0x08d4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:18:45.0511 0x08d4 exfat - ok
21:18:45.0525 0x08d4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:18:45.0588 0x08d4 fastfat - ok
21:18:45.0618 0x08d4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:18:45.0669 0x08d4 Fax - ok
21:18:45.0679 0x08d4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:18:45.0703 0x08d4 fdc - ok
21:18:45.0711 0x08d4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:18:45.0773 0x08d4 fdPHost - ok
21:18:45.0781 0x08d4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:18:45.0842 0x08d4 FDResPub - ok
21:18:45.0851 0x08d4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:18:45.0873 0x08d4 FileInfo - ok
21:18:45.0884 0x08d4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:18:45.0942 0x08d4 Filetrace - ok
21:18:45.0949 0x08d4 FirebirdServerMAGIXInstance - ok
21:18:45.0961 0x08d4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:18:45.0987 0x08d4 flpydisk - ok
21:18:46.0005 0x08d4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:18:46.0035 0x08d4 FltMgr - ok
21:18:46.0081 0x08d4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
21:18:46.0150 0x08d4 FontCache - ok
21:18:46.0164 0x08d4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:18:46.0186 0x08d4 FontCache3.0.0.0 - ok
21:18:46.0194 0x08d4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:18:46.0216 0x08d4 FsDepends - ok
21:18:46.0224 0x08d4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:18:46.0247 0x08d4 Fs_Rec - ok
21:18:46.0263 0x08d4 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:18:46.0296 0x08d4 fvevol - ok
21:18:46.0306 0x08d4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:18:46.0328 0x08d4 gagp30kx - ok
21:18:46.0361 0x08d4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:18:46.0448 0x08d4 gpsvc - ok
21:18:46.0461 0x08d4 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:18:46.0483 0x08d4 gupdate - ok
21:18:46.0493 0x08d4 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:18:46.0514 0x08d4 gupdatem - ok
21:18:46.0522 0x08d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:18:46.0547 0x08d4 hcw85cir - ok
21:18:46.0566 0x08d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:18:46.0606 0x08d4 HdAudAddService - ok
21:18:46.0619 0x08d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:18:46.0652 0x08d4 HDAudBus - ok
21:18:46.0661 0x08d4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:18:46.0686 0x08d4 HidBatt - ok
21:18:46.0697 0x08d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:18:46.0727 0x08d4 HidBth - ok
21:18:46.0737 0x08d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:18:46.0765 0x08d4 HidIr - ok
21:18:46.0773 0x08d4 [ D42E350C3F5B9DDCE7BDDB109B413109, F015CCAB3719B1834DF3EE0265D905675C743F116526A2882B6077E540B8A74F ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
21:18:46.0792 0x08d4 hidkmdf - ok
21:18:46.0802 0x08d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
21:18:46.0864 0x08d4 hidserv - ok
21:18:46.0873 0x08d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:18:46.0898 0x08d4 HidUsb - ok
21:18:46.0909 0x08d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:18:46.0973 0x08d4 hkmsvc - ok
21:18:46.0989 0x08d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:18:47.0023 0x08d4 HomeGroupListener - ok
21:18:47.0037 0x08d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:18:47.0071 0x08d4 HomeGroupProvider - ok
21:18:47.0082 0x08d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:18:47.0104 0x08d4 HpSAMD - ok
21:18:47.0113 0x08d4 [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:18:47.0148 0x08d4 HTCAND64 - ok
21:18:47.0160 0x08d4 [ 7C7C986776D00E575BFBDE5DCBDC615D, 4CF12851A5A45917C3A9139B19D79434F2038611B617F83A714506CC7A1A6C61 ] HtcVCom32 C:\Windows\system32\DRIVERS\HtcVComV64.sys
21:18:47.0195 0x08d4 HtcVCom32 - ok
21:18:47.0227 0x08d4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:18:47.0277 0x08d4 HTTP - ok
21:18:47.0288 0x08d4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:18:47.0308 0x08d4 hwpolicy - ok
21:18:47.0320 0x08d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:18:47.0349 0x08d4 i8042prt - ok
21:18:47.0370 0x08d4 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:18:47.0406 0x08d4 iaStorV - ok
21:18:47.0441 0x08d4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:18:47.0492 0x08d4 idsvc - ok
21:18:47.0503 0x08d4 IEEtwCollectorService - ok
21:18:47.0513 0x08d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:18:47.0535 0x08d4 iirsp - ok
21:18:47.0570 0x08d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:18:47.0627 0x08d4 IKEEXT - ok
21:18:47.0641 0x08d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:18:47.0662 0x08d4 intelide - ok
21:18:47.0671 0x08d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:18:47.0697 0x08d4 intelppm - ok
21:18:47.0708 0x08d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:18:47.0771 0x08d4 IPBusEnum - ok
21:18:47.0781 0x08d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:18:47.0838 0x08d4 IpFilterDriver - ok
21:18:47.0863 0x08d4 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:18:47.0943 0x08d4 iphlpsvc - ok
21:18:47.0955 0x08d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:18:47.0981 0x08d4 IPMIDRV - ok
21:18:47.0992 0x08d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:18:48.0053 0x08d4 IPNAT - ok
21:18:48.0061 0x08d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:18:48.0092 0x08d4 IRENUM - ok
21:18:48.0100 0x08d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:18:48.0122 0x08d4 isapnp - ok
21:18:48.0138 0x08d4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:18:48.0168 0x08d4 iScsiPrt - ok
21:18:48.0178 0x08d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:18:48.0200 0x08d4 kbdclass - ok
21:18:48.0210 0x08d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:18:48.0236 0x08d4 kbdhid - ok
21:18:48.0243 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe
21:18:48.0270 0x08d4 KeyIso - ok
21:18:48.0316 0x08d4 [ 64801398A9EA492548703CC5F0109F87, C87D7C3844801672010F723E16BF4609910A8D47EA14BA255D599BD916A58B24 ] ksaud C:\Windows\system32\drivers\ksaud.sys
21:18:48.0377 0x08d4 ksaud - ok
21:18:48.0392 0x08d4 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:18:48.0416 0x08d4 KSecDD - ok
21:18:48.0431 0x08d4 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:18:48.0458 0x08d4 KSecPkg - ok
21:18:48.0467 0x08d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:18:48.0525 0x08d4 ksthunk - ok
21:18:48.0544 0x08d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:18:48.0617 0x08d4 KtmRm - ok
21:18:48.0633 0x08d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:18:48.0701 0x08d4 LanmanServer - ok
21:18:48.0713 0x08d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:18:48.0779 0x08d4 LanmanWorkstation - ok
21:18:48.0800 0x08d4 [ 7772DFAB22611050B79504E671B06E6E, 331FE235EDBCF48EE96A5A9D5D0560457CD85FA3FD7BEACD3700055F815D9F13 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:18:48.0832 0x08d4 LBTServ - ok
21:18:48.0849 0x08d4 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D, 9B3B9FA23788680D13E3DC2EEA2F127591A368578AEAB70F03AC379BA7379184 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
21:18:48.0871 0x08d4 LEqdUsb - ok
21:18:48.0880 0x08d4 [ 3267BC698E29474A8381E68904EB0390, A653ED6364D4B7E02FB7087D364E33D029B15A92E0FAAB176877DE5F93B36B65 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
21:18:48.0900 0x08d4 LHidEqd - ok
21:18:48.0910 0x08d4 [ 241F2648ADF090E2A10095BD6D6F5DCB, D31F50F7A70A62E3CA45071F75C56FFA21464BFAF4CA4A3AD2482D7477D78D4E ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:18:48.0932 0x08d4 LHidFilt - ok
21:18:48.0943 0x08d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:18:49.0001 0x08d4 lltdio - ok
21:18:49.0019 0x08d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:18:49.0090 0x08d4 lltdsvc - ok
21:18:49.0098 0x08d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:18:49.0159 0x08d4 lmhosts - ok
21:18:49.0169 0x08d4 [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:18:49.0190 0x08d4 LMouFilt - ok
21:18:49.0205 0x08d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:18:49.0230 0x08d4 LSI_FC - ok
21:18:49.0243 0x08d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:18:49.0267 0x08d4 LSI_SAS - ok
21:18:49.0276 0x08d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:18:49.0299 0x08d4 LSI_SAS2 - ok
21:18:49.0311 0x08d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:18:49.0335 0x08d4 LSI_SCSI - ok
21:18:49.0347 0x08d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:18:49.0407 0x08d4 luafv - ok
21:18:49.0427 0x08d4 [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
21:18:49.0459 0x08d4 LVRS64 - ok
21:18:49.0622 0x08d4 [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
21:18:49.0815 0x08d4 LVUVC64 - ok
21:18:49.0839 0x08d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:18:49.0870 0x08d4 Mcx2Svc - ok
21:18:49.0879 0x08d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:18:49.0901 0x08d4 megasas - ok
21:18:49.0919 0x08d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:18:49.0950 0x08d4 MegaSR - ok
21:18:49.0961 0x08d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:18:50.0023 0x08d4 MMCSS - ok
21:18:50.0032 0x08d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:18:50.0090 0x08d4 Modem - ok
21:18:50.0098 0x08d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:18:50.0126 0x08d4 monitor - ok
21:18:50.0135 0x08d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:18:50.0158 0x08d4 mouclass - ok
21:18:50.0166 0x08d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:18:50.0191 0x08d4 mouhid - ok
21:18:50.0202 0x08d4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:18:50.0226 0x08d4 mountmgr - ok
21:18:50.0237 0x08d4 [ FB43242146FF12BD2C286A764CD1C41E, 75054BE8A1AE75844F43B4B1DAAF2D6560B8B8C1AB3CA32B55E890A80D58F91C ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:18:50.0261 0x08d4 MozillaMaintenance - ok
21:18:50.0276 0x08d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:18:50.0302 0x08d4 mpio - ok
21:18:50.0313 0x08d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:18:50.0373 0x08d4 mpsdrv - ok
21:18:50.0407 0x08d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:18:50.0494 0x08d4 MpsSvc - ok
21:18:50.0509 0x08d4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:18:50.0538 0x08d4 MRxDAV - ok
21:18:50.0552 0x08d4 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:18:50.0581 0x08d4 mrxsmb - ok
21:18:50.0598 0x08d4 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:18:50.0633 0x08d4 mrxsmb10 - ok
21:18:50.0648 0x08d4 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:18:50.0676 0x08d4 mrxsmb20 - ok
21:18:50.0685 0x08d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:18:50.0706 0x08d4 msahci - ok
21:18:50.0718 0x08d4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:18:50.0744 0x08d4 msdsm - ok
21:18:50.0756 0x08d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:18:50.0790 0x08d4 MSDTC - ok
21:18:50.0815 0x08d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:18:50.0875 0x08d4 Msfs - ok
21:18:50.0884 0x08d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:18:50.0942 0x08d4 mshidkmdf - ok
21:18:50.0950 0x08d4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:18:50.0971 0x08d4 msisadrv - ok
21:18:50.0984 0x08d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:18:51.0050 0x08d4 MSiSCSI - ok
21:18:51.0058 0x08d4 msiserver - ok
21:18:51.0067 0x08d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:18:51.0124 0x08d4 MSKSSRV - ok
21:18:51.0131 0x08d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:18:51.0191 0x08d4 MSPCLOCK - ok
21:18:51.0198 0x08d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:18:51.0254 0x08d4 MSPQM - ok
21:18:51.0274 0x08d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:18:51.0309 0x08d4 MsRPC - ok
21:18:51.0322 0x08d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:18:51.0343 0x08d4 mssmbios - ok
21:18:51.0353 0x08d4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:18:51.0409 0x08d4 MSTEE - ok
21:18:51.0417 0x08d4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:18:51.0442 0x08d4 MTConfig - ok
21:18:51.0451 0x08d4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:18:51.0474 0x08d4 Mup - ok
21:18:51.0497 0x08d4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:18:51.0574 0x08d4 napagent - ok
21:18:51.0594 0x08d4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:18:51.0635 0x08d4 NativeWifiP - ok
21:18:51.0674 0x08d4 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:18:51.0730 0x08d4 NDIS - ok
21:18:51.0741 0x08d4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:18:51.0798 0x08d4 NdisCap - ok
21:18:51.0806 0x08d4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:18:51.0862 0x08d4 NdisTapi - ok
21:18:51.0872 0x08d4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:18:51.0928 0x08d4 Ndisuio - ok
21:18:51.0943 0x08d4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:18:52.0004 0x08d4 NdisWan - ok
21:18:52.0013 0x08d4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:18:52.0070 0x08d4 NDProxy - ok
21:18:52.0080 0x08d4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:18:52.0139 0x08d4 NetBIOS - ok
21:18:52.0156 0x08d4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:18:52.0221 0x08d4 NetBT - ok
21:18:52.0230 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe
21:18:52.0257 0x08d4 Netlogon - ok
21:18:52.0275 0x08d4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:18:52.0349 0x08d4 Netman - ok
21:18:52.0360 0x08d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:52.0390 0x08d4 NetMsmqActivator - ok
21:18:52.0401 0x08d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:52.0430 0x08d4 NetPipeActivator - ok
21:18:52.0453 0x08d4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:18:52.0529 0x08d4 netprofm - ok
21:18:52.0541 0x08d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:52.0569 0x08d4 NetTcpActivator - ok
21:18:52.0579 0x08d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:52.0608 0x08d4 NetTcpPortSharing - ok
21:18:52.0618 0x08d4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:18:52.0641 0x08d4 nfrd960 - ok
21:18:52.0658 0x08d4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:18:52.0696 0x08d4 NlaSvc - ok
21:18:52.0705 0x08d4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:18:52.0764 0x08d4 Npfs - ok
21:18:52.0773 0x08d4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:18:52.0837 0x08d4 nsi - ok
21:18:52.0845 0x08d4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:18:52.0903 0x08d4 nsiproxy - ok
21:18:52.0969 0x08d4 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:18:53.0053 0x08d4 Ntfs - ok
21:18:53.0065 0x08d4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:18:53.0122 0x08d4 Null - ok
21:18:53.0134 0x08d4 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:18:53.0160 0x08d4 nvraid - ok
21:18:53.0174 0x08d4 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:18:53.0200 0x08d4 nvstor - ok
21:18:53.0214 0x08d4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:18:53.0239 0x08d4 nv_agp - ok
21:18:53.0249 0x08d4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:18:53.0275 0x08d4 ohci1394 - ok
21:18:53.0285 0x08d4 [ 12DD405F6326466CF124E60A7A532004, 7FCA67F2F3F04DA70E2BC26F59E77DD2D330D8EEBA7D68A99FAE1A5F0AD6187F ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
21:18:53.0307 0x08d4 OpenVPNService - ok
21:18:53.0327 0x08d4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:18:53.0366 0x08d4 p2pimsvc - ok
21:18:53.0389 0x08d4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:18:53.0431 0x08d4 p2psvc - ok
21:18:53.0443 0x08d4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:18:53.0470 0x08d4 Parport - ok
21:18:53.0480 0x08d4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:18:53.0503 0x08d4 partmgr - ok
21:18:53.0518 0x08d4 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:18:53.0552 0x08d4 PcaSvc - ok
21:18:53.0567 0x08d4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
21:18:53.0594 0x08d4 pci - ok
21:18:53.0603 0x08d4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:18:53.0623 0x08d4 pciide - ok
21:18:53.0638 0x08d4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:18:53.0667 0x08d4 pcmcia - ok
21:18:53.0677 0x08d4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:18:53.0699 0x08d4 pcw - ok
21:18:53.0767 0x08d4 [ 8F98C4BC605261B4B6E568FE791EB67A, 7B0D99D972A60423F7378BEE886061695FDA79B59AFF939744A130721E0174A1 ] PDF Architect 2 C:\Program Files (x86)\PDF Architect 2\ws.exe
21:18:53.0850 0x08d4 PDF Architect 2 - ok
21:18:53.0888 0x08d4 [ 9077A3059AB47834633AEAAED465F3D9, 9CA662E9CBA30795E4E5DAB3E309D2062FFDC2053C261054E24EF7EE5300F69F ] pdfforge CrashHandler C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
21:18:53.0936 0x08d4 pdfforge CrashHandler - ok
21:18:53.0967 0x08d4 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:18:54.0015 0x08d4 PEAUTH - ok
21:18:54.0136 0x08d4 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:18:54.0213 0x08d4 PeerDistSvc - ok
21:18:54.0268 0x08d4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:18:54.0295 0x08d4 PerfHost - ok
21:18:54.0360 0x08d4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:18:54.0469 0x08d4 pla - ok
21:18:54.0495 0x08d4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:18:54.0539 0x08d4 PlugPlay - ok
21:18:54.0548 0x08d4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:18:54.0576 0x08d4 PNRPAutoReg - ok
21:18:54.0593 0x08d4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:18:54.0633 0x08d4 PNRPsvc - ok
21:18:54.0657 0x08d4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:18:54.0731 0x08d4 PolicyAgent - ok
21:18:54.0749 0x08d4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
21:18:54.0816 0x08d4 Power - ok
21:18:54.0828 0x08d4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:18:54.0887 0x08d4 PptpMiniport - ok
21:18:54.0897 0x08d4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:18:54.0923 0x08d4 Processor - ok
21:18:54.0944 0x08d4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
21:18:54.0980 0x08d4 ProfSvc - ok
21:18:54.0989 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:18:55.0017 0x08d4 ProtectedStorage - ok
21:18:55.0028 0x08d4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:18:55.0088 0x08d4 Psched - ok
21:18:55.0097 0x08d4 [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio C:\Windows\system32\pwdrvio.sys
21:18:55.0123 0x08d4 pwdrvio - ok
21:18:55.0132 0x08d4 [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio C:\Windows\system32\pwdspio.sys
21:18:55.0157 0x08d4 pwdspio - ok
21:18:55.0214 0x08d4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:18:55.0289 0x08d4 ql2300 - ok
21:18:55.0306 0x08d4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:18:55.0330 0x08d4 ql40xx - ok
21:18:55.0346 0x08d4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:18:55.0389 0x08d4 QWAVE - ok
21:18:55.0399 0x08d4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:18:55.0431 0x08d4 QWAVEdrv - ok
21:18:55.0439 0x08d4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:18:55.0495 0x08d4 RasAcd - ok
21:18:55.0508 0x08d4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:18:55.0567 0x08d4 RasAgileVpn - ok
21:18:55.0577 0x08d4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:18:55.0642 0x08d4 RasAuto - ok
21:18:55.0654 0x08d4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:18:55.0714 0x08d4 Rasl2tp - ok
21:18:55.0733 0x08d4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:18:55.0803 0x08d4 RasMan - ok
21:18:55.0821 0x08d4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:18:55.0880 0x08d4 RasPppoe - ok
21:18:55.0891 0x08d4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:18:55.0950 0x08d4 RasSstp - ok
21:18:55.0967 0x08d4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:18:56.0033 0x08d4 rdbss - ok
21:18:56.0042 0x08d4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:18:56.0071 0x08d4 rdpbus - ok
21:18:56.0079 0x08d4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:18:56.0135 0x08d4 RDPCDD - ok
21:18:56.0153 0x08d4 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:18:56.0181 0x08d4 RDPDR - ok
21:18:56.0189 0x08d4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:18:56.0246 0x08d4 RDPENCDD - ok
21:18:56.0258 0x08d4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:18:56.0314 0x08d4 RDPREFMP - ok
21:18:56.0327 0x08d4 [ 065F79543D7999EC28B687F87E96B803, 6B235C422DCA79ABF0D051C066B2866643333F7ADB7AF914F6EEAC448AA59AAF ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:18:56.0352 0x08d4 RdpVideoMiniport - ok
21:18:56.0367 0x08d4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:18:56.0400 0x08d4 RDPWD - ok
21:18:56.0416 0x08d4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:18:56.0444 0x08d4 rdyboost - ok
21:18:56.0456 0x08d4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:18:56.0520 0x08d4 RemoteAccess - ok
21:18:56.0533 0x08d4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:18:56.0600 0x08d4 RemoteRegistry - ok
21:18:56.0612 0x08d4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:18:56.0677 0x08d4 RpcEptMapper - ok
21:18:56.0685 0x08d4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:18:56.0713 0x08d4 RpcLocator - ok
21:18:56.0737 0x08d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:18:56.0815 0x08d4 RpcSs - ok
21:18:56.0828 0x08d4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:18:56.0886 0x08d4 rspndr - ok
21:18:56.0924 0x08d4 [ D2D055E7ED70A5EE885D17D35DF97E80, 51781E55EEE111140A261822D3F78D76AD288E9DDF8578E236358E0AEB872C2F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:18:56.0982 0x08d4 RTL8167 - ok
21:18:57.0015 0x08d4 [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
21:18:57.0060 0x08d4 RTL8192su - ok
21:18:57.0070 0x08d4 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:18:57.0092 0x08d4 s3cap - ok
21:18:57.0100 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe
21:18:57.0128 0x08d4 SamSs - ok
21:18:57.0138 0x08d4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:18:57.0164 0x08d4 sbp2port - ok
21:18:57.0180 0x08d4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:18:57.0249 0x08d4 SCardSvr - ok
21:18:57.0257 0x08d4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:18:57.0313 0x08d4 scfilter - ok
21:18:57.0355 0x08d4 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
21:18:57.0424 0x08d4 Schedule - ok
21:18:57.0438 0x08d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:18:57.0497 0x08d4 SCPolicySvc - ok
21:18:57.0512 0x08d4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:18:57.0547 0x08d4 SDRSVC - ok
21:18:57.0556 0x08d4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:18:57.0581 0x08d4 secdrv - ok
21:18:57.0590 0x08d4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:18:57.0652 0x08d4 seclogon - ok
21:18:57.0661 0x08d4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
21:18:57.0725 0x08d4 SENS - ok
21:18:57.0733 0x08d4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:18:57.0762 0x08d4 SensrSvc - ok
21:18:57.0771 0x08d4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:18:57.0795 0x08d4 Serenum - ok
21:18:57.0805 0x08d4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:18:57.0833 0x08d4 Serial - ok
21:18:57.0842 0x08d4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:18:57.0867 0x08d4 sermouse - ok
21:18:57.0890 0x08d4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:18:57.0956 0x08d4 SessionEnv - ok
21:18:57.0963 0x08d4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:18:57.0991 0x08d4 sffdisk - ok
21:18:57.0999 0x08d4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:18:58.0028 0x08d4 sffp_mmc - ok
21:18:58.0035 0x08d4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:18:58.0064 0x08d4 sffp_sd - ok
21:18:58.0072 0x08d4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:18:58.0096 0x08d4 sfloppy - ok
21:18:58.0116 0x08d4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:18:58.0188 0x08d4 SharedAccess - ok
21:18:58.0209 0x08d4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:18:58.0282 0x08d4 ShellHWDetection - ok
21:18:58.0292 0x08d4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:18:58.0314 0x08d4 SiSRaid2 - ok
21:18:58.0324 0x08d4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:18:58.0348 0x08d4 SiSRaid4 - ok
21:18:58.0367 0x08d4 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:18:58.0403 0x08d4 SkypeUpdate - ok
21:18:58.0414 0x08d4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:18:58.0475 0x08d4 Smb - ok
21:18:58.0490 0x08d4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:18:58.0521 0x08d4 SNMPTRAP - ok
21:18:58.0530 0x08d4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
21:18:58.0552 0x08d4 spldr - ok
21:18:58.0578 0x08d4 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
21:18:58.0660 0x08d4 Spooler - ok
21:18:58.0783 0x08d4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
21:18:58.0971 0x08d4 sppsvc - ok
21:18:58.0992 0x08d4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:18:59.0056 0x08d4 sppuinotify - ok
21:18:59.0078 0x08d4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:18:59.0118 0x08d4 srv - ok
21:18:59.0139 0x08d4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:18:59.0179 0x08d4 srv2 - ok
21:18:59.0215 0x08d4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:18:59.0244 0x08d4 srvnet - ok
21:18:59.0260 0x08d4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:18:59.0328 0x08d4 SSDPSRV - ok
21:18:59.0338 0x08d4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:18:59.0406 0x08d4 SstpSvc - ok
21:18:59.0421 0x08d4 [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
21:18:59.0448 0x08d4 ssudmdm - ok
21:18:59.0456 0x08d4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:18:59.0478 0x08d4 stexstor - ok
21:18:59.0506 0x08d4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
21:18:59.0563 0x08d4 stisvc - ok
21:18:59.0574 0x08d4 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:18:59.0597 0x08d4 storflt - ok
21:18:59.0606 0x08d4 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:18:59.0627 0x08d4 storvsc - ok
21:18:59.0636 0x08d4 SVKP - ok
21:18:59.0645 0x08d4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
21:18:59.0667 0x08d4 swenum - ok
21:18:59.0691 0x08d4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
21:18:59.0771 0x08d4 swprv - ok
21:18:59.0781 0x08d4 Synth3dVsc - ok
21:18:59.0848 0x08d4 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
21:18:59.0940 0x08d4 SysMain - ok
21:18:59.0979 0x08d4 [ 00068CD7BD0A2BFA6ACC1F75671394FF, BE2235923006B300910404020D8FA3E4B6F4798778E03D1AFD3A04D995411C72 ] SystemExplorerHelpService C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
21:19:00.0029 0x08d4 SystemExplorerHelpService - ok
21:19:00.0041 0x08d4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:00.0082 0x08d4 TabletInputService - ok
21:19:00.0091 0x08d4 [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
21:19:00.0114 0x08d4 tap0901 - ok
21:19:00.0132 0x08d4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:19:00.0205 0x08d4 TapiSrv - ok
21:19:00.0215 0x08d4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
21:19:00.0278 0x08d4 TBS - ok
21:19:00.0347 0x08d4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:19:00.0437 0x08d4 Tcpip - ok
21:19:00.0515 0x08d4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:19:00.0603 0x08d4 TCPIP6 - ok
21:19:00.0622 0x08d4 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:19:00.0679 0x08d4 tcpipreg - ok
21:19:00.0692 0x08d4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:19:00.0717 0x08d4 TDPIPE - ok
21:19:00.0725 0x08d4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:19:00.0749 0x08d4 TDTCP - ok
21:19:00.0761 0x08d4 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:19:00.0789 0x08d4 tdx - ok
21:19:00.0799 0x08d4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
21:19:00.0823 0x08d4 TermDD - ok
21:19:00.0853 0x08d4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
21:19:00.0908 0x08d4 TermService - ok
21:19:00.0919 0x08d4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
21:19:00.0956 0x08d4 Themes - ok
21:19:00.0966 0x08d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
21:19:01.0028 0x08d4 THREADORDER - ok
21:19:01.0041 0x08d4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
21:19:01.0108 0x08d4 TrkWks - ok
21:19:01.0123 0x08d4 [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
21:19:01.0152 0x08d4 truecrypt - ok
21:19:01.0165 0x08d4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:01.0227 0x08d4 TrustedInstaller - ok
21:19:01.0240 0x08d4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:01.0264 0x08d4 tssecsrv - ok
21:19:01.0273 0x08d4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:19:01.0298 0x08d4 TsUsbFlt - ok
21:19:01.0306 0x08d4 tsusbhub - ok
21:19:01.0320 0x08d4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:19:01.0379 0x08d4 tunnel - ok
21:19:01.0390 0x08d4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:19:01.0413 0x08d4 uagp35 - ok
21:19:01.0432 0x08d4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:19:01.0498 0x08d4 udfs - ok
21:19:01.0514 0x08d4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:19:01.0548 0x08d4 UI0Detect - ok
21:19:01.0558 0x08d4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:19:01.0580 0x08d4 uliagpkx - ok
21:19:01.0590 0x08d4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:19:01.0615 0x08d4 umbus - ok
21:19:01.0623 0x08d4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:19:01.0646 0x08d4 UmPass - ok
21:19:01.0662 0x08d4 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
21:19:01.0699 0x08d4 UmRdpService - ok
21:19:01.0721 0x08d4 [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:19:01.0757 0x08d4 UMVPFSrv - ok
21:19:01.0778 0x08d4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
21:19:01.0853 0x08d4 upnphost - ok
21:19:01.0866 0x08d4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:19:01.0891 0x08d4 usbaudio - ok
21:19:01.0903 0x08d4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:01.0929 0x08d4 usbccgp - ok
21:19:01.0941 0x08d4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:19:01.0968 0x08d4 usbcir - ok
21:19:01.0977 0x08d4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:19:02.0002 0x08d4 usbehci - ok
21:19:02.0021 0x08d4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:19:02.0057 0x08d4 usbhub - ok
21:19:02.0066 0x08d4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:19:02.0090 0x08d4 usbohci - ok
21:19:02.0098 0x08d4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:19:02.0127 0x08d4 usbprint - ok
21:19:02.0136 0x08d4 [ 2C42E595E7E381596B9A14F88F5AE027, 948C2AD7FA0B01184312D1ABE43F2F3D85A934CF0658A8B2BDF9F0919568377B ] usbrndis6 C:\Windows\system32\DRIVERS\usb80236.sys
21:19:02.0163 0x08d4 usbrndis6 - ok
21:19:02.0173 0x08d4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:19:02.0198 0x08d4 usbscan - ok
21:19:02.0209 0x08d4 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:02.0237 0x08d4 USBSTOR - ok
21:19:02.0246 0x08d4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:19:02.0270 0x08d4 usbuhci - ok
21:19:02.0279 0x08d4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
21:19:02.0342 0x08d4 UxSms - ok
21:19:02.0349 0x08d4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe
21:19:02.0378 0x08d4 VaultSvc - ok
21:19:02.0390 0x08d4 VBoxAswDrv - ok
21:19:02.0399 0x08d4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:19:02.0422 0x08d4 vdrvroot - ok
21:19:02.0447 0x08d4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
21:19:02.0527 0x08d4 vds - ok
21:19:02.0538 0x08d4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:02.0566 0x08d4 vga - ok
21:19:02.0574 0x08d4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:19:02.0633 0x08d4 VgaSave - ok
21:19:02.0640 0x08d4 VGPU - ok
21:19:02.0656 0x08d4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:19:02.0684 0x08d4 vhdmp - ok
21:19:02.0693 0x08d4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
21:19:02.0714 0x08d4 viaide - ok
21:19:02.0726 0x08d4 [ 81707CE3690AEA7BD0BA30A726D009BE, 6CCF2168A9C8000772B69A0152848338AAFD56FB2AC2F48D37D0670E5B991E82 ] ViscosityService C:\Program Files\Viscosity\ViscosityService.exe
21:19:02.0748 0x08d4 ViscosityService - ok
21:19:02.0757 0x08d4 [ 5A3D74BEDAD4D9E678891A9B30AABE66, 69EEE7C27D443C95BBE4BE38138D3438F8AE5ABAC23CECC1290E1EC588D1DD34 ] visctap0901 C:\Windows\system32\DRIVERS\visctap0901.sys
21:19:02.0778 0x08d4 visctap0901 - ok
21:19:02.0793 0x08d4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:19:02.0822 0x08d4 vmbus - ok
21:19:02.0831 0x08d4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:19:02.0855 0x08d4 VMBusHID - ok
21:19:02.0865 0x08d4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:19:02.0889 0x08d4 volmgr - ok
21:19:02.0910 0x08d4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:19:02.0944 0x08d4 volmgrx - ok
21:19:02.0963 0x08d4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:19:02.0994 0x08d4 volsnap - ok
21:19:03.0008 0x08d4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:19:03.0034 0x08d4 vsmraid - ok
21:19:03.0094 0x08d4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
21:19:03.0212 0x08d4 VSS - ok
21:19:03.0224 0x08d4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:19:03.0253 0x08d4 vwifibus - ok
21:19:03.0262 0x08d4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:19:03.0295 0x08d4 vwififlt - ok
21:19:03.0315 0x08d4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
21:19:03.0391 0x08d4 W32Time - ok
21:19:03.0407 0x08d4 [ A212A4F5D2BB731F9CC6E2C546A0B464, 32828D9A153519D3521F89419DCE91ABB25AD0601A525ED8947C1FA2434DF608 ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys
21:19:03.0430 0x08d4 WacHidRouter - ok
21:19:03.0439 0x08d4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:19:03.0463 0x08d4 WacomPen - ok
21:19:03.0472 0x08d4 [ E722E0C28881186D1B7E09A66C4D4DA5, 8BAF9D96706EE4251F20E850ECDF4201ADB04C9A8E31FD5C669F75E2299A0414 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
21:19:03.0492 0x08d4 wacomrouterfilter - ok
21:19:03.0504 0x08d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:19:03.0560 0x08d4 WANARP - ok
21:19:03.0569 0x08d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:19:03.0627 0x08d4 Wanarpv6 - ok
21:19:03.0677 0x08d4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:19:03.0743 0x08d4 WatAdminSvc - ok
21:19:03.0803 0x08d4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
21:19:03.0886 0x08d4 wbengine - ok
21:19:03.0906 0x08d4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:19:03.0948 0x08d4 WbioSrvc - ok
21:19:03.0968 0x08d4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:19:04.0018 0x08d4 wcncsvc - ok
21:19:04.0028 0x08d4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:04.0059 0x08d4 WcsPlugInService - ok
21:19:04.0068 0x08d4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:19:04.0089 0x08d4 Wd - ok
21:19:04.0098 0x08d4 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
21:19:04.0120 0x08d4 WDC_SAM - ok
21:19:04.0153 0x08d4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:19:04.0205 0x08d4 Wdf01000 - ok
21:19:04.0216 0x08d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:19:04.0289 0x08d4 WdiServiceHost - ok
21:19:04.0298 0x08d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:19:04.0339 0x08d4 WdiSystemHost - ok
21:19:04.0356 0x08d4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
21:19:04.0393 0x08d4 WebClient - ok
21:19:04.0409 0x08d4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:19:04.0479 0x08d4 Wecsvc - ok
21:19:04.0491 0x08d4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:19:04.0558 0x08d4 wercplsupport - ok
21:19:04.0569 0x08d4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
21:19:04.0633 0x08d4 WerSvc - ok
21:19:04.0641 0x08d4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:19:04.0699 0x08d4 WfpLwf - ok
21:19:04.0707 0x08d4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:19:04.0728 0x08d4 WIMMount - ok
21:19:04.0735 0x08d4 WinDefend - ok
21:19:04.0751 0x08d4 WinHttpAutoProxySvc - ok
21:19:04.0776 0x08d4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:19:04.0843 0x08d4 Winmgmt - ok
21:19:04.0920 0x08d4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
21:19:05.0054 0x08d4 WinRM - ok
21:19:05.0076 0x08d4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
21:19:05.0106 0x08d4 WinUSB - ok
21:19:05.0142 0x08d4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:19:05.0210 0x08d4 Wlansvc - ok
21:19:05.0222 0x08d4 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
21:19:05.0241 0x08d4 WmBEnum - ok
21:19:05.0252 0x08d4 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
21:19:05.0272 0x08d4 WmFilter - ok
21:19:05.0282 0x08d4 [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
21:19:05.0302 0x08d4 WmHidLo - ok
21:19:05.0310 0x08d4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:19:05.0334 0x08d4 WmiAcpi - ok
21:19:05.0354 0x08d4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:19:05.0385 0x08d4 wmiApSrv - ok
21:19:05.0392 0x08d4 WMPNetworkSvc - ok
21:19:05.0404 0x08d4 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
21:19:05.0424 0x08d4 WmVirHid - ok
21:19:05.0434 0x08d4 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
21:19:05.0456 0x08d4 WmXlCore - ok
21:19:05.0464 0x08d4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:19:05.0493 0x08d4 WPCSvc - ok
21:19:05.0505 0x08d4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:19:05.0568 0x08d4 WPDBusEnum - ok
21:19:05.0583 0x08d4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:19:05.0645 0x08d4 ws2ifsl - ok
21:19:05.0656 0x08d4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
21:19:05.0696 0x08d4 wscsvc - ok
21:19:05.0704 0x08d4 WSearch - ok
21:19:05.0740 0x08d4 [ 539D52A1CB4CC3BFB9B6CAD7883B8ECA, 3CAC8F755F85F06C6FFA8C5328943DC55F410EAAA64F0E4241C3E7F60A48D4A9 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
21:19:05.0780 0x08d4 WTabletServiceCon - ok
21:19:05.0869 0x08d4 [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\Windows\system32\wuaueng.dll
21:19:05.0993 0x08d4 wuauserv - ok
21:19:06.0011 0x08d4 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:19:06.0071 0x08d4 WudfPf - ok
21:19:06.0085 0x08d4 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:06.0147 0x08d4 WUDFRd - ok
21:19:06.0158 0x08d4 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:19:06.0223 0x08d4 wudfsvc - ok
21:19:06.0239 0x08d4 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:19:06.0284 0x08d4 WwanSvc - ok
21:19:06.0309 0x08d4 ================ Scan global ===============================
21:19:06.0316 0x08d4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:19:06.0333 0x08d4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:19:06.0359 0x08d4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:19:06.0377 0x08d4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:19:06.0399 0x08d4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:19:06.0415 0x08d4 [ Global ] - ok
21:19:06.0416 0x08d4 ================ Scan MBR ==================================
21:19:06.0878 0x08d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:19:06.0971 0x08d4 \Device\Harddisk0\DR0 - ok
21:19:06.0979 0x08d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:19:07.0650 0x08d4 \Device\Harddisk1\DR1 - ok
21:19:07.0651 0x08d4 ================ Scan VBR ==================================
21:19:07.0656 0x08d4 [ 84031E6DF511C5BC86A51D864CA48637 ] \Device\Harddisk0\DR0\Partition1
21:19:07.0656 0x08d4 \Device\Harddisk0\DR0\Partition1 - ok
21:19:07.0664 0x08d4 [ 10528ABA9CD4213E02EE88F65D7962A8 ] \Device\Harddisk1\DR1\Partition1
21:19:07.0666 0x08d4 \Device\Harddisk1\DR1\Partition1 - ok
21:19:07.0673 0x08d4 [ D434BFFE06F1E8D252EFABB859F2239F ] \Device\Harddisk1\DR1\Partition2
21:19:07.0676 0x08d4 \Device\Harddisk1\DR1\Partition2 - ok
21:19:07.0677 0x08d4 ================ Scan generic autorun ======================
21:19:07.0684 0x08d4 [ 053C93D5967E08748DBA0E132EAEC0B3, B48A00B00DFDFCF6911911B34788CD359BF90AB66F4A2A3FE177B75EB775C2C2 ] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
21:19:07.0696 0x08d4 NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 )
21:19:10.0347 0x08d4 Detect skipped due to KSN trusted
21:19:10.0347 0x08d4 NUSB3MON - ok
21:19:10.0352 0x08d4 Creative SB Monitoring Utility - ok
21:19:10.0427 0x08d4 [ DF72D700CC33611206675B8A2FD4D4F9, AB3AF6FD92140A1432FEAFFF2015CFAD5E9362F0018EA1D859A2DA349E95847D ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
21:19:10.0508 0x08d4 EvtMgr6 - ok
21:19:10.0551 0x08d4 [ 06BB3578BE06B0980AF9917EC94488EC, 4C66DC5C55E7AC80838D21AA04D194ACE62D70FF0D469FAB910FFE05B1C2A4E7 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
21:19:10.0599 0x08d4 StartCCC - ok
21:19:10.0794 0x08d4 [ 12DDF400E9E4441C0A9C144861D1EE01, 8B6702F149E044EC0CDA1291EE7AE64B9954E93E68F15DF8A925E396435254FF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
21:19:11.0034 0x08d4 AvastUI.exe - ok
21:19:11.0090 0x08d4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:19:11.0164 0x08d4 Sidebar - ok
21:19:11.0175 0x08d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:19:11.0213 0x08d4 mctadmin - ok
21:19:11.0256 0x08d4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:19:11.0320 0x08d4 Sidebar - ok
21:19:11.0331 0x08d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:19:11.0369 0x08d4 mctadmin - ok
21:19:11.0496 0x08d4 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
21:19:11.0655 0x08d4 DAEMON Tools Lite - ok
21:19:11.0875 0x08d4 [ F2E5126DF9CBBEEFFA91279D62430652, 1E65AAE2BBE9F01063A5BF26A6172AEBD0C6695A6DCA9C894FDC2BD7706768B4 ] C:\Program Files\CCleaner\CCleaner64.exe
21:19:12.0134 0x08d4 CCleaner - ok
21:19:12.0198 0x08d4 [ FA8F08013422A4EB68072668B3A73293, 7F4E7AC770928E9D313B7E91DB4B904A98F3D8BBAC3E0B88FBCA9EF15DD6ED71 ] C:\Program Files\TrueCrypt\TrueCrypt.exe
21:19:12.0272 0x08d4 TrueCrypt - ok
21:19:12.0329 0x08d4 [ 7A60DCF0B0F2521A7F505F8A56E5AB68, 7F23D55D4BC55ACACA9E4F94DA2439539FD2AA96D1DCA6FF58C8469F7F9C622F ] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
21:19:12.0400 0x08d4 FreeAC - ok
21:19:12.0458 0x08d4 [ B089B94149741F21B45B1F85D89E7C33, 1E7A0DFB503FD651BEC8AE52E6DD162BACFC7469740D56423C2C8A2147927CA4 ] C:\Program Files\Viscosity\Viscosity.exe
21:19:12.0526 0x08d4 Viscosity - ok
21:19:12.0540 0x08d4 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
21:19:12.0562 0x08d4 Dropbox Update - ok
21:19:12.0631 0x08d4 [ 78E70968C04DE6C85541CF70F8CF4E78, 247480142CD098739FF5E68499911CB43E9215AC38328B6452D74FEC9F7BA0EA ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
21:19:12.0712 0x08d4 HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 )
21:19:15.0356 0x08d4 Detect skipped due to KSN trusted
21:19:15.0356 0x08d4 HydraVisionDesktopManager - ok
21:19:15.0359 0x08d4 Waiting for KSN requests completion. In queue: 13
21:19:16.0359 0x08d4 Waiting for KSN requests completion. In queue: 13
21:19:17.0359 0x08d4 Waiting for KSN requests completion. In queue: 13
21:19:18.0025 0x141c Object required for P2P: [ 12DDF400E9E4441C0A9C144861D1EE01 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
21:19:18.0359 0x08d4 Waiting for KSN requests completion. In queue: 11
21:19:19.0359 0x08d4 Waiting for KSN requests completion. In queue: 11
21:19:20.0359 0x08d4 Waiting for KSN requests completion. In queue: 11
21:19:20.0821 0x141c Object send P2P result: true
21:19:21.0417 0x08d4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x41000 ( enabled : updated )
21:19:21.0421 0x08d4 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x40010 ( disabled )
21:19:21.0434 0x08d4 Win FW state via NFP2: enabled ( trusted )
21:19:24.0112 0x08d4 ============================================================
21:19:24.0112 0x08d4 Scan finished
21:19:24.0112 0x08d4 ============================================================
21:19:24.0142 0x0110 Detected object count: 0
21:19:24.0142 0x0110 Actual detected object count: 0
|
|
12.12.2015, 10:57
| #5 |
| /// TB-Ausbilder | infizierte .doc Datei geöffnet - Banking Trojaner? Servus, Scan mit Combofix
|
|
12.12.2015, 17:50
| #6 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Combofix habe ich vom Desktop aus ausgeführt. Zwischendurch ist der PC einmal in den standby, aber nachdem ich ihn wieder geweckt habe lief das Programm ohne Probleme weiter. Avast habe ich abgeschaltet bevor ich combofix gestartet habe. Vielen Dank erstmal für eure ganze mühe  Anbei die log file: Code:
ATTFilter ComboFix 15-12-12.01 - BUN 12.12.2015 15:35:24.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.3523.2281 [GMT 1:00]
ausgeführt von:: c:\users\BUN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-11-12 bis 2015-12-12 ))))))))))))))))))))))))))))))
.
.
2015-12-12 16:23 . 2015-12-12 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-12 14:20 . 2015-12-12 14:20 -------- d-----w- c:\program files (x86)\MozBackup
2015-12-11 19:29 . 2015-12-11 19:36 -------- d-----w- c:\programdata\SystemExplorer
2015-12-11 19:29 . 2015-12-11 19:29 -------- d-----w- c:\program files (x86)\System Explorer
2015-12-11 17:31 . 2015-12-11 20:06 -------- d-----w- C:\FRST
2015-12-11 09:16 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBB3DEA1-4FC0-4CE4-8F14-6DCF81972DB6}\mpengine.dll
2015-12-04 03:18 . 2015-12-04 03:18 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2015-12-03 18:24 . 2015-12-03 18:24 -------- d-----w- c:\program files\Common Files\AV
2015-12-03 18:24 . 2015-12-03 18:24 -------- d-----w- c:\program files (x86)\Common Files\AV
2015-12-03 15:21 . 2015-12-03 18:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-11-17 23:48 . 2015-11-27 18:26 -------- d-----w- c:\users\BUN\helden
2015-11-16 22:08 . 2015-11-16 22:08 -------- d-----w- c:\program files (x86)\MIDI4all
2015-11-16 21:24 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe
2015-11-16 21:24 . 2015-11-16 21:24 -------- d-----w- c:\program files (x86)\emagic
2015-11-16 21:08 . 2015-11-16 21:10 -------- d-----w- c:\program files (x86)\milkytracker-0.90.86-winnt
2015-11-16 20:59 . 2015-11-16 20:59 -------- d-----w- c:\program files (x86)\Microsoft DirectMusic Producer
2015-11-16 20:59 . 1999-02-21 23:00 241672 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX
2015-11-16 20:59 . 1997-08-26 11:06 315904 ----a-w- c:\windows\IsUninst.exe
2015-11-16 16:48 . 2015-11-16 16:48 -------- d-----w- c:\program files (x86)\Sekaiju4.5
2015-11-16 16:41 . 2015-11-16 16:50 -------- d-----w- c:\program files (x86)\AmazingMIDI
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-11 17:17 . 2014-08-03 22:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-12-11 15:36 . 2014-08-03 22:31 65536 ----a-w- c:\windows\system32\spu_storage.bin
2015-12-09 20:01 . 2014-08-04 09:40 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-12-09 11:16 . 2014-08-04 11:38 419840 ----a-w- c:\windows\system32\systemcpl.dll
2015-12-09 11:16 . 2014-08-04 11:37 14848 ----a-w- c:\windows\system32\slwga.dll
2015-12-09 11:16 . 2014-08-04 11:37 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2015-12-08 22:51 . 2014-08-03 22:39 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-08 22:51 . 2014-08-03 22:39 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 12:18 . 2014-08-03 22:13 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-10 09:45 . 2014-08-03 22:22 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-10 09:45 . 2014-08-03 22:22 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-20 01:12 . 2015-11-11 14:19 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-11 14:19 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-11 14:19 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-11 14:19 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-11 14:19 243712 ----a-w- c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-11 14:19 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-11 14:19 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-11 14:19 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-11 14:19 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-11 14:19 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-11 14:19 503808 ----a-w- c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-11 14:19 50176 ----a-w- c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-11 14:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-11 14:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-11 14:19 28160 ----a-w- c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-11 14:19 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-11 14:19 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-11 14:19 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-11 14:19 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-11 14:19 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-11 14:19 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-11 14:19 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-11 14:19 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-11 14:19 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-11 14:19 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-11 14:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-11 14:19 22016 ----a-w- c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-11 14:19 112640 ----a-w- c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-11 14:19 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-11 14:19 31232 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-11 14:19 338432 ----a-w- c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-11 14:19 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-11 14:19 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-11 14:19 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-11 14:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-11 14:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-11 14:19 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-20 00:53 . 2015-11-11 14:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:52 . 2015-11-11 14:19 3991488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-11 14:19 3935680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-11 14:19 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-11 14:19 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-11 14:19 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-11 14:19 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-11 14:19 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-11 14:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-11 14:19 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-11 14:19 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-11 14:19 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-11 14:19 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-11 14:19 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-11 14:19 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-11 14:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-11 14:19 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-10-20 00:44 . 2015-11-11 14:19 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-10-20 00:44 . 2015-11-11 14:19 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-10-20 00:44 . 2015-11-11 14:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-10-20 00:44 . 2015-11-11 14:19 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-10-20 00:44 . 2015-11-11 14:19 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-10-20 00:39 . 2015-11-11 14:19 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-10-20 00:39 . 2015-11-11 14:19 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-10-20 00:35 . 2015-11-11 14:19 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:35 . 2015-11-11 14:19 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-07-23 6265624]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2014-08-05 1516496]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2014-02-20 1553688]
"Viscosity"="c:\program files\Viscosity\Viscosity.exe" [2015-09-07 1434400]
"Dropbox Update"="c:\users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-17 134512]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-10 6108752]
.
c:\users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 24952456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys;c:\windows\SYSNATIVE\SVKP.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;j:\programme\Common\Database\bin\fbserver.exe;j:\programme\Common\Database\bin\fbserver.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys;c:\windows\SYSNATIVE\DRIVERS\AsrVDrive.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-03 22:51]
.
2015-07-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core.job
- c:\users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:32]
.
2015-07-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA.job
- c:\users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:32]
.
2015-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 00:24]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 00:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 236352 ----a-w- c:\users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-27 18:23 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-12-16 109056]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Age of Empires 2.0 - j:\games\AOE2\UNINSTAL.EXE
AddRemove-Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1 - j:\games\AOE2\unins000.exe
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - j:\games\AOE2\UNINSTALX.EXE
AddRemove-Anno 1503 GOLD_is1 - j:\games\Anno 1503\unins000.exe
AddRemove-Bastion_is1 - j:\games\Bastion\unins000.exe
AddRemove-Broken Sword - The Shadow of the Templars_is1 - j:\games\Broken Sword - The Shadow of the Templars\unins000.exe
AddRemove-Cossacks Anthology_is1 - j:\games\Cossacks Anthology\unins000.exe
AddRemove-Firebird SQL Server D - j:\programme\Common\Database\unwise.exe
AddRemove-GOGPACKFAHRENHEIT_is1 - j:\games\Fahrenheit\unins000.exe
AddRemove-GOGPACKSTRONGHOLDHD_is1 - j:\games\Stronghold HD\unins000.exe
AddRemove-Gothic II - j:\games\GOTHIC~3\UNWISE.EXE
AddRemove-Gothic II - Die Nacht des Raben - j:\games\GOTHIC~1\UNWISE.EXE
AddRemove-Gothic Multiplayer - j:\games\Gothic II\uninstallgmp.exe
AddRemove-Heroes of Annihilated Empires_is1 - j:\games\HeroesOfAE\unins000.exe
AddRemove-MAGIX Music Maker for MySpace D - j:\programme\MusicMaker15_for_MySpace\unwise.exe
AddRemove-Need For Speed Underground (v 1.1001.0)_is1 - j:\games\Need For Speed Underground (v 1.1001.0)\unins000.exe
AddRemove-Nehrim - Am Rande des Schicksals_is1 - j:\games\Oblivion\Nehrim\unins000.exe
AddRemove-Oblivion mod manager_is1 - j:\games\Oblivion\obmm\uninstall\unins000.exe
AddRemove-Outland ENG 1.00 - c:\games\Outland ENG\Uninstall.exe
AddRemove-Project 64_is1 - j:\games\Project64 2.1\unins000.exe
AddRemove-Project Nomads - j:\games\PROJEC~1\UNINST~1\UNWISE.EXE
AddRemove-Reason5_is1 - j:\programme\Reason\Uninstall Reason\unins000.exe
AddRemove-Sattis_Texturpatch - j:\games\gothic\Sattis_Texturpatch deinstallieren.exe
AddRemove-Sins of a Solar Empire Trinity_is1 - j:\games\Sins of a Solar Empire\unins000.exe
AddRemove-Soldat_is1 - j:\games\Soldat\unins000.exe
AddRemove-The Forest v0.050.05 - j:\games\The Forest\uninstall.exe
AddRemove-ThielHater's Texturepatch_is1 - j:\games\gothic\unins000.exe
AddRemove-TmlkaG9nZ2luY2xVcGRhdGUx_is1 - j:\games\Nidhogg incl. Update 1\unins000.exe
AddRemove-TmlkaG9nZw==_is1 - j:\games\Nidhogg\unins000.exe
AddRemove-uTorrent - j:\programme\µtorrent\uTorrent.exe
AddRemove-{B62B5438-6DDA-49D6-B9CF-0BDC428116D8}_is1 - j:\games\Worms Armageddon\unins000.exe
AddRemove-{BA10AC78-E687-4523-8B93-540428FC256F} - j:\games\Fahrenheit\unins000.exe
AddRemove-{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1 - j:\games\Schein\unins000.exe
AddRemove-Five Nights at Freddy's - j:\games\Five Nights at Freddy's\Uninstall.exe
AddRemove-Half-Life 2 - j:\games\half life 2\Uninstal.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.032"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.abr"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ani"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.apd"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.arw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bay"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cr2"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.crw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cs1"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cur"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcr"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djv"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djvu"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dng"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (S-1-5-21-2977046599-1652667645-1297689053-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\AcroRD32.exe"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.erf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.fff"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.hdr"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icl"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icn"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.iw4"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2c"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2k"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jbr"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jp2"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpc"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpk"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpx"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.kdc"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mef"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mos"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mrw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nef"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nrw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.orf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pbr"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pct"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pef"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pict"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2977046599-1652667645-1297689053-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psd"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psp"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspbrush"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspimage"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rw2"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rwl"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.sr2"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srw"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.thm"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttc"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.webp"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-12-12 17:26:29
ComboFix-quarantined-files.txt 2015-12-12 16:26
.
Vor Suchlauf: 9.420.668.928 Bytes frei
Nach Suchlauf: 9.233.821.696 Bytes frei
.
- - End Of File - - B49B580EED64EBC2D925435CF75398FB
A36C5E4F47E84449FF07ED3517B43A31
Es kam eine Mail mit einer vermeindlichen Rechnung (invoice-8zahlen-.doc) im Anhang an. Die Datei wurde mit Open Office aus Thunderbird heraus geöffnet und enthielt nur Unsinn, wahllose Zeichen. Sonst ist erstmal nichts passiert. Avast hat die oben beschriebenen 3 Sachen gefunden, wobei 2 davon aus der quarantäne eines alten Virenprogramms zu stammen scheinen. Die 3 Sachen könnten auch schon vorher drauf gewesen sein und wurden nur bei einem gründlichen Avast Scan gefunden. Liebe Grüße |
|
12.12.2015, 20:32
| #7 |
| /// TB-Ausbilder | infizierte .doc Datei geöffnet - Banking Trojaner? Servus, ok, danke für die Info. Wir kontrollieren einfach alles gründlich durch, um sicherzugehen.  Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
13.12.2015, 15:39
| #8 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Gründlich hört sich gut an. Anbei die Protokolle. Hoffe es sind die richtigen. MBAM hat einen "Trojan.Agent, C:\Windows\SysWOW64\SVKP.sys" gefunden. Code:
ATTFilter # AdwCleaner v5.024 - Logfile created 13/12/2015 at 13:37:29
# Updated 07/12/2015 by Xplode
# Database : 2015-12-12.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : BUN - BUN
# Running from : C:\Users\BUN\Desktop\AdwCleaner_5.024.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [575 bytes] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 13.12.2015 Suchlaufzeit: 13:41 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.13.03 Rootkit-Datenbank: v2015.12.07.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: BUN Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 344410 Abgelaufene Zeit: 8 Min., 48 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 Trojan.Agent, C:\Windows\SysWOW64\SVKP.sys, In Quarantäne, [2f6843615e2de551738fbb7bac575da3], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64
Ran by BUN (Administrator) on 13.12.2015 at 14:00:38,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\gm_scripts\Bypass_YouTube_age_verification\Bypass_YouTube_age_verification.user.js (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2015 at 14:05:24,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01 Ran by BUN (administrator) on BUN (13-12-2015 15:11:47) Running from C:\Users\BUN\Desktop Loaded Profiles: BUN (Available Profiles: BUN) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Beepa P/L) C:\Program Files\Fraps\fraps64.dat (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-08-05] (TrueCrypt Foundation) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Viscosity] => C:\Program Files\Viscosity\Viscosity.exe [1434400 2015-09-07] (SparkLabs) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Dropbox Update] => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-27] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) Startup: C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-18] ShortcutTarget: Dropbox.lnk -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{117EA0DF-6107-47CA-8291-AF29CC15F5BD}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{60B6F006-A789-47D5-BC6A-265DF6BA7D9F}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}: [DhcpNameServer] 46.246.46.46 194.132.32.23 Tcpip\..\Interfaces\{C4CB63A8-1223-4CB1-AD9C-E94D3E936B8B}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000 -> {2277E17C-2BD4-4CD4-81CC-CF6F8CC0A52D} URL = hxxps://www.google.com/search?q={searchTerms} BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644 FF Session Restore: -> is enabled. FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-2977046599-1652667645-1297689053-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoogleMapsClassic.src [2014-10-09] FF Extension: Greasemonkey - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-21] FF Extension: Youtube MP3 Podcaster - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-12-12] FF Extension: Lightbeam - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-12-11] FF Extension: YouTube™ Flash-HTML5 - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2015-10-26] FF Extension: uBlock Origin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\uBlock0@raymondhill.net.xpi [2015-12-13] FF Extension: YouTube Unblocker - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\youtubeunblocker__web@unblocker.yt [2015-12-12] FF Extension: BugMeNot Plugin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-09-29] FF Extension: Easy Youtube Video Downloader Express - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-04] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-27] (AVAST Software) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-09] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-09] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group) R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [83232 2015-09-07] (SparkLabs) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] S3 FirebirdServerMAGIXInstance; J:\Programme\Common\Database\bin\fbserver.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology) R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-27] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-27] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-27] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-27] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-27] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-04] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-13] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-09-07] (The OpenVPN Project) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S2 SVKP; \??\C:\Windows\system32\SVKP.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 ____D C:\Users\BUN\Desktop\FRST-OlderVersion 2015-12-13 14:14 - 2015-12-13 14:14 - 00000747 _____ C:\Users\BUN\Desktop\JRTlog.txt 2015-12-13 14:05 - 2015-12-13 14:18 - 00000548 _____ C:\Users\BUN\Desktop\JRT.txt 2015-12-13 13:41 - 2015-12-13 15:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-13 13:40 - 2015-12-13 13:40 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-13 13:40 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-13 13:40 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-13 13:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-13 13:39 - 2015-12-13 13:39 - 00000653 _____ C:\Users\BUN\Desktop\AdwCleaner[S2].txt 2015-12-13 13:35 - 2015-12-13 13:35 - 22908888 _____ (Malwarebytes ) C:\Users\BUN\Desktop\mbam-setup-2.2.0.1024.exe 2015-12-13 13:35 - 2015-12-13 13:35 - 01599336 _____ (Malwarebytes) C:\Users\BUN\Desktop\JRT.exe 2015-12-13 13:34 - 2015-12-13 13:34 - 01738240 _____ C:\Users\BUN\Desktop\AdwCleaner_5.024.exe 2015-12-12 17:36 - 2015-12-12 15:21 - 00000765 _____ C:\Users\BUN\Documents\indexfile.txt 2015-12-12 17:30 - 2015-12-12 17:30 - 00055528 _____ C:\Users\BUN\Desktop\combofixlog.txt 2015-12-12 17:26 - 2015-12-12 17:26 - 00055528 _____ C:\ComboFix.txt 2015-12-12 15:33 - 2015-12-12 17:26 - 00000000 ____D C:\Qoobox 2015-12-12 15:33 - 2015-12-12 17:24 - 00000000 ____D C:\Windows\erdnt 2015-12-12 15:33 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-12-12 15:33 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-12-12 15:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-12-12 15:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-12-12 15:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-12-12 15:33 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-12-12 15:33 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-12-12 15:33 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-12-12 15:32 - 2015-12-12 15:32 - 05640685 ____R (Swearware) C:\Users\BUN\Desktop\ComboFix.exe 2015-12-12 15:23 - 2015-12-12 15:31 - 2072652361 _____ C:\Users\BUN\Desktop\Thunderbird 38.4.0 (de) - 2015-12-12.pcv 2015-12-12 15:21 - 2015-12-12 15:22 - 98944038 _____ C:\Users\BUN\Desktop\Firefox 43.0 (x86 de) - 2015-12-12.pcv 2015-12-12 15:20 - 2015-12-12 15:20 - 01035926 _____ C:\Users\BUN\Downloads\MozBackup-1.5.1-EN.exe 2015-12-12 15:20 - 2015-12-12 15:20 - 00001031 _____ C:\Users\Public\Desktop\MozBackup.lnk 2015-12-12 15:20 - 2015-12-12 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2015-12-12 15:20 - 2015-12-12 15:20 - 00000000 ____D C:\Program Files (x86)\MozBackup 2015-12-12 15:19 - 2015-12-12 15:19 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-12 15:17 - 2015-12-12 15:17 - 00018683 _____ C:\Users\BUN\Desktop\bookmarks-2015-12-12.json 2015-12-11 21:17 - 2015-12-11 21:21 - 00218604 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_21.17.12_log.txt 2015-12-11 21:16 - 2015-12-11 21:16 - 00000490 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_21.16.14_log.txt 2015-12-11 21:02 - 2015-12-11 21:03 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\BUN\Desktop\tdsskiller.exe 2015-12-11 20:29 - 2015-12-11 20:36 - 00000000 ____D C:\ProgramData\SystemExplorer 2015-12-11 20:29 - 2015-12-11 20:29 - 01917528 _____ (Mister Group ) C:\Users\BUN\Downloads\SystemExplorerSetup_700.exe 2015-12-11 20:29 - 2015-12-11 20:29 - 00001090 _____ C:\Users\Public\Desktop\System Explorer.lnk 2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer 2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\Program Files (x86)\System Explorer 2015-12-11 18:32 - 2015-12-11 21:14 - 00043434 _____ C:\Users\BUN\Desktop\Addition.txt 2015-12-11 18:31 - 2015-12-13 15:12 - 00021909 _____ C:\Users\BUN\Desktop\FRST.txt 2015-12-11 18:31 - 2015-12-13 15:11 - 00000000 ____D C:\FRST 2015-12-11 18:30 - 2015-12-13 15:11 - 02369536 _____ (Farbar) C:\Users\BUN\Desktop\FRST64.exe 2015-12-11 11:35 - 2015-12-11 11:35 - 00246154 _____ C:\Users\BUN\AppData\Local\recently-used.xbel 2015-12-11 10:44 - 2015-12-11 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-09 12:47 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 12:47 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 12:47 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 12:47 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 12:47 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 12:47 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 12:47 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 12:47 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-09 12:47 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 12:47 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 12:47 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 12:47 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 12:47 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 12:47 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 12:47 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 12:47 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 12:47 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 12:47 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 12:47 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 12:47 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 12:47 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 12:47 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 12:47 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 12:47 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 12:46 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 12:46 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 12:46 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 12:46 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 12:46 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 12:46 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 12:46 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 12:46 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 12:46 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 12:46 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 12:46 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 12:46 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 12:46 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 12:46 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 12:46 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 12:46 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 12:46 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 12:46 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 12:46 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 12:46 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 12:46 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 12:46 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 12:46 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 12:46 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 12:46 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 12:46 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 12:46 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 12:46 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 12:46 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 12:46 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 12:46 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 12:46 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 12:46 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 12:46 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 12:46 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 12:46 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 12:46 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 12:46 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 12:46 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 12:46 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 12:46 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 12:46 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 12:46 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 12:46 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 12:46 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 12:46 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 12:46 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 12:46 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 12:46 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 12:46 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 12:46 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 12:46 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 12:46 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 12:46 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 12:46 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 12:46 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 12:46 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 12:46 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 12:46 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 12:46 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 12:46 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 12:46 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 12:46 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 12:46 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 12:46 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 12:46 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-06 22:25 - 2015-12-06 22:25 - 00000000 _____ C:\Users\BUN\Desktop\19-20 maa kat.txt 2015-12-05 16:00 - 2015-12-05 16:00 - 00001135 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk 2015-12-05 16:00 - 2015-12-05 16:00 - 00001121 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk 2015-12-05 16:00 - 2015-12-05 16:00 - 00001046 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk 2015-12-04 19:34 - 2015-12-04 19:34 - 25357772 _____ C:\Users\BUN\Downloads\VCStarterV1.65.1.zip 2015-12-04 18:47 - 2015-12-04 18:47 - 04147600 _____ ($Co_Name Inc.) C:\Users\BUN\Downloads\unifying250.exe 2015-12-04 04:18 - 2015-12-04 04:18 - 18483337 _____ (Wrye Bash development team) C:\Users\BUN\Downloads\Wrye Bash 306 - Installer-1840-306.exe 2015-12-04 04:18 - 2015-12-04 04:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash 2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager 2015-12-04 04:14 - 2015-12-04 04:14 - 01668612 _____ C:\Users\BUN\Downloads\obmm 1_1_12 full installer-2097.zip 2015-12-03 21:58 - 2015-12-03 21:58 - 10226263 _____ C:\Users\BUN\Downloads\Patch.v1.01.rar 2015-12-03 21:58 - 2015-12-03 21:58 - 07987371 _____ C:\Users\BUN\Downloads\vietcong_v141.7z 2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-03 16:21 - 2015-12-03 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-11-30 21:35 - 2015-11-30 21:35 - 00000000 _____ C:\Users\BUN\Desktop\12.12 hannah geb 2015-11-30 02:28 - 2015-11-30 02:28 - 00049133 _____ C:\Users\BUN\Desktop\Rücksendung Nähmaschine fuss fehlt.pdf 2015-11-25 23:39 - 2015-11-25 23:39 - 00000000 _____ C:\Users\BUN\Desktop\28.12 sperrmüll mariola.txt 2015-11-20 20:50 - 2015-11-20 20:51 - 56909694 _____ C:\Users\BUN\Downloads\Waving The Guns - Pflaster.mp4 2015-11-20 19:58 - 2015-11-20 19:59 - 17068918 _____ C:\Users\BUN\Downloads\Spax - Neuseeland.mp4 2015-11-18 00:48 - 2015-11-27 19:26 - 00008022 _____ C:\Users\BUN\.heldEinstellungen4_1.xml 2015-11-18 00:48 - 2015-11-27 19:26 - 00000000 ____D C:\Users\BUN\helden 2015-11-18 00:45 - 2015-11-18 15:02 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software 2015-11-18 00:45 - 2015-11-18 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software 2015-11-16 23:13 - 2015-11-16 23:13 - 11228750 _____ C:\Users\BUN\Downloads\media-540ec999.wav 2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI4all 2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\Program Files (x86)\MIDI4all 2015-11-16 23:07 - 2015-11-16 23:07 - 93092356 _____ (Webdesign-Forum.de ) C:\Users\BUN\Downloads\setup_1_.exe 2015-11-16 22:55 - 2015-11-16 23:01 - 00001647 _____ C:\Users\BUN\Desktop\test.MID 2015-11-16 22:55 - 2015-11-16 22:55 - 00039832 _____ C:\Users\BUN\Desktop\test.LSO 2015-11-16 22:39 - 2015-11-16 22:39 - 00013668 _____ C:\Windows\Logic Fun.PRF 2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Users\BUN\Downloads\LogicFunPC 2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emagic 2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\emagic 2015-11-16 22:24 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe 2015-11-16 22:23 - 2015-11-16 22:23 - 08138153 _____ C:\Users\BUN\Downloads\LogicFunPC.zip 2015-11-16 22:08 - 2015-11-16 22:10 - 00000000 ____D C:\Program Files (x86)\milkytracker-0.90.86-winnt 2015-11-16 22:07 - 2015-11-16 22:07 - 01416674 _____ C:\Users\BUN\Downloads\milkytracker-0.90.86-winnt.zip 2015-11-16 21:59 - 2015-11-16 22:09 - 00003314 _____ C:\Windows\DMUSProd.INI 2015-11-16 21:59 - 2015-11-16 22:01 - 00000000 ____D C:\Users\BUN\Documents\DMUSProducer 2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectMusic 2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\Program Files (x86)\Microsoft DirectMusic Producer 2015-11-16 21:59 - 1999-02-22 00:00 - 00241672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX 2015-11-16 21:59 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2015-11-16 21:57 - 2015-11-16 21:58 - 10339192 _____ C:\Users\BUN\Downloads\DX81MusicProducer.exe 2015-11-16 17:48 - 2015-11-16 17:48 - 19050975 _____ C:\Users\BUN\Downloads\Sekaiju4.5.zip 2015-11-16 17:48 - 2015-11-16 17:48 - 00000000 ____D C:\Program Files (x86)\Sekaiju4.5 2015-11-16 17:46 - 2015-11-16 17:46 - 00047244 _____ C:\Users\BUN\Downloads\05- Makin´ Whoopee - Gerry Mulligan.mid 2015-11-16 17:41 - 2015-11-16 17:50 - 00000000 ____D C:\Program Files (x86)\AmazingMIDI 2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmazingMIDI 2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazingMIDI 2015-11-16 17:40 - 2015-11-16 17:40 - 00761380 _____ C:\Users\BUN\Downloads\azmid170.exe 2015-11-15 22:25 - 2015-11-16 02:05 - 00000236 _____ C:\Users\BUN\Desktop\samples.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-13 15:10 - 2014-08-03 23:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-13 14:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-13 14:00 - 2015-02-07 01:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-13 14:00 - 2014-08-05 19:45 - 00696932 _____ C:\Windows\system32\perfh007.dat 2015-12-13 14:00 - 2014-08-05 19:45 - 00148900 _____ C:\Windows\system32\perfc007.dat 2015-12-13 14:00 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-13 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-13 13:57 - 2014-10-18 17:54 - 00003152 _____ C:\Windows\System32\Tasks\FRAPS 2015-12-13 13:57 - 2014-10-18 17:53 - 00000000 ____D C:\Program Files\Fraps 2015-12-13 13:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-13 13:55 - 2014-08-03 23:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2015-12-13 13:55 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-13 13:55 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-13 13:37 - 2015-04-07 14:22 - 00000000 ____D C:\AdwCleaner 2015-12-12 17:23 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-12-12 15:19 - 2015-01-27 21:59 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Dropbox 2015-12-11 18:17 - 2014-08-03 23:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2015-12-11 14:45 - 2014-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-11 13:47 - 2014-09-07 19:02 - 00000000 ____D C:\Users\BUN\.gimp-2.8 2015-12-11 11:35 - 2014-09-07 19:05 - 00000000 ____D C:\Users\BUN\AppData\Local\gtk-2.0 2015-12-11 08:26 - 2014-08-03 23:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-12-11 00:21 - 2014-08-05 22:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\vlc 2015-12-10 20:48 - 2014-09-15 19:55 - 00000000 ____D C:\Users\BUN\Documents\Rezepte 2015-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-12-10 12:17 - 2009-07-14 05:45 - 04858136 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-09 21:08 - 2014-08-04 10:40 - 00000000 ____D C:\Windows\system32\MRT 2015-12-09 21:01 - 2014-08-04 10:40 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-09 12:16 - 2014-08-04 12:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2015-12-09 12:16 - 2014-08-04 12:37 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2015-12-09 12:16 - 2014-08-04 12:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2015-12-08 23:59 - 2014-11-02 23:21 - 00001208 _____ C:\Windows\scummvm.ini 2015-12-08 23:51 - 2014-08-03 23:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-08 23:51 - 2014-08-03 23:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-08 23:51 - 2014-08-03 23:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-06 14:40 - 2014-10-09 15:35 - 00000311 ___RH C:\Windows\ctfile.rfc 2015-12-05 16:01 - 2014-08-06 20:17 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-12-05 16:00 - 2014-11-18 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-12-04 18:50 - 2015-01-13 23:27 - 00000000 ____D C:\Users\BUN\AppData\Local\Logitech 2015-12-04 18:49 - 2014-08-03 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-12-04 04:21 - 2014-08-16 20:00 - 00000023 _____ C:\Windows\BlendSettings.ini 2015-12-03 21:31 - 2015-02-07 01:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-03 21:31 - 2015-02-07 01:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-03 21:31 - 2015-02-07 01:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-03 17:39 - 2014-11-06 16:56 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Skype 2015-12-02 13:18 - 2014-08-03 23:13 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-11-27 19:27 - 2014-11-18 12:38 - 00000000 ____D C:\Users\BUN\Documents\dsa 2015-11-27 19:16 - 2015-02-11 02:02 - 00000417 _____ C:\Users\BUN\.dsa4.properties 2015-11-27 19:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-11-26 11:26 - 2014-08-04 11:08 - 00000000 ____D C:\Users\BUN\AppData\Roaming\DAEMON Tools Lite 2015-11-25 19:29 - 2015-06-16 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 22:02 - 2014-08-28 20:31 - 00000034 _____ C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat 2015-11-23 13:30 - 2015-01-15 21:46 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Media Player Classic 2015-11-18 00:48 - 2014-08-03 21:19 - 00000000 ____D C:\Users\BUN 2015-11-18 00:47 - 2015-02-11 03:09 - 00085037 _____ C:\Users\BUN\helden.xml 2015-11-18 00:47 - 2015-02-11 02:02 - 00003708 _____ C:\Users\BUN\.heldEinstellungen.xml 2015-11-16 22:34 - 2014-08-03 23:15 - 00067840 _____ C:\Users\BUN\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-16 22:24 - 2009-07-14 03:34 - 00000455 _____ C:\Windows\win.ini 2015-11-13 15:01 - 2009-07-14 08:45 - 00000000 ___RD C:\Users\Public\Recorded TV ==================== Files in the root of some directories ======= 2014-08-28 20:31 - 2015-11-24 22:02 - 0000034 _____ () C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat 2014-10-17 12:46 - 2014-12-26 19:47 - 0000803 _____ () C:\Users\BUN\AppData\Roaming\gnuplot_history 2015-02-01 23:44 - 2015-02-01 23:44 - 0000331 ____H () C:\Users\BUN\AppData\Local\CacheConfig.dat 2015-12-11 11:35 - 2015-12-11 11:35 - 0246154 _____ () C:\Users\BUN\AppData\Local\recently-used.xbel 2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini 2009-02-24 11:40 - 2009-02-24 11:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 15:36 ==================== End of FRST.txt ============================ --- --- --- [CODE]Additional FRST Logfile: FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by BUN (2015-12-13 15:12:33)
Running from C:\Users\BUN\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-03 20:18:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2977046599-1652667645-1297689053-500 - Administrator - Disabled)
BUN (S-1-5-21-2977046599-1652667645-1297689053-1000 - Administrator - Enabled) => C:\Users\BUN
Guest (S-1-5-21-2977046599-1652667645-1297689053-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Anno 1503 GOLD (HKLM-x32\...\Anno 1503 GOLD_is1) (Version: - GamersGate)
Armagetron Advanced 0.2.8.3.2 (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.3.2 - Armagetron Advanced Team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Broken Sword - The Shadow of the Templars (HKLM-x32\...\Broken Sword - The Shadow of the Templars_is1) (Version: - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fahrenheit (Indigo Prophecy) (HKLM-x32\...\GOGPACKFAHRENHEIT_is1) (Version: 2.0.0.7 - GOG.com)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
gnuplot 4.6.6 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 4.6.6 - gnuplot development team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG)
Gothic Multiplayer (HKLM-x32\...\Gothic Multiplayer) (Version: 0.1.9 - Gothic Multiplayer Team)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto Vice City (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Heroes of Annihilated Empires (HKLM-x32\...\Heroes of Annihilated Empires_is1) (Version: - GSC Game World)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logic Fun 4.8 (HKLM-x32\...\Logic Fun 4.8) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft DirectMusic Producer (HKLM-x32\...\DirectMusic Producer) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIDI4all (HKLM-x32\...\{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1) (Version: MIDI4all 1.5 - Webdesign-Forum.de)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need For Speed Underground (v 1.1001.0) version 1.1001.0 (HKLM-x32\...\Need For Speed Underground (v 1.1001.0)_is1) (Version: 1.1001.0 - Black Plague)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Outland ENG 1.00 (HKLM-x32\...\Outland ENG 1.00) (Version: 1.00 - Èãðû íà Cat-A-Cat.NET)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM-x32\...\{8B0A956F-9BE6-495B-AF80-7B5B42061D79}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project Nomads (HKLM-x32\...\Project Nomads) (Version: - )
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Satti's Texturpatch 1.5 (HKLM-x32\...\Sattis_Texturpatch) (Version: - )
Schein version 1.0.7 (HKLM-x32\...\{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1) (Version: 1.0.7 - Zeppelin Studio)
Sins of a Solar Empire Trinity (HKLM-x32\...\Sins of a Solar Empire Trinity_is1) (Version: - Stardock Entertainment)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Stream What You Hear (SWYH) Version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
The Forest v0.05 (HKLM-x32\...\The Forest v0.050.05) (Version: 0.05 - Friends in War)
ThielHater's Texturepatch v1.0.2 (HKLM-x32\...\ThielHater's Texturepatch_is1) (Version: 1.0 - ThielHater © 2007-2009)
Tropico (HKLM-x32\...\{818FB39B-1A57-4F1B-A54D-391C33D6C586}) (Version: - )
Tropico: Paradise Island (HKLM-x32\...\{2BAE6A53-E241-11D5-873A-0050DABC2539}) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Viscosity 1.5.10 (1385) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.5.10.1385 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
XnView 2.31 (HKLM-x32\...\XnView_is1) (Version: 2.31 - Gougelet Pierre-e)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-12 21:08 - 00002046 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03AB49A5-CC1F-4044-AF72-91F3E69A8FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {16C1E1F5-F59B-4E1C-8CA2-FBB7FB12C859} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {18D48FFE-AE2F-4642-BB8F-CF15C47F81D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {1EC69B59-7666-4A24-AF6C-637CE27473C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2C00892F-CA0B-47D8-B5B5-103EDF3DDFEF} - System32\Tasks\FRAPS => C:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {355CFB12-189B-493A-ADB5-9B96C9D74F01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {4CB05B81-66DC-417A-871C-8CECCCCF3CED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6D5B4D38-B347-477E-B301-F51657FB517D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-27] (AVAST Software)
Task: {7E35BD39-3E00-4443-B3FA-F04EF93AF19C} - System32\Tasks\AdobeAAMUpdater-1.0-BUN-BUN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AFBF4D9E-87F2-4624-98B9-A3F9FBC369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {ECCA614C-87DE-40E3-88BA-DD2934C9A974} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {EF1B2409-F863-40D6-99DC-6FDA1720BE68} - System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => pcalua.exe -a D:\DirectX81\dxsetup.exe -d D:\DirectX81
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-27 19:23 - 2015-07-27 19:23 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-27 19:23 - 2015-07-27 19:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-13 13:32 - 2015-12-13 13:32 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121300\algo.dll
2015-04-23 12:34 - 2015-04-23 12:34 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^BUN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN GUI.lnk => C:\Windows\pss\OpenVPN GUI.lnk.Startup
MSCONFIG\startupreg: ACSW17DE => "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Viscosity => C:\Program Files\Viscosity\Viscosity.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4327D6D5-A0F2-410D-8092-0B32E2349286}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6E43EBFD-2560-4FEF-A575-C172FEFD0FAC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C2E665DF-38FD-41E4-BD98-CEB3F55A99B6}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{25417818-D42D-4AB6-81B1-2078D02AB5FA}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{078CD343-B791-4933-B62D-BF2ABEC304B3}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{619C0ABF-F05E-44B7-AAE2-6B2BFB039F4A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [TCP Query User{52E2E571-C4CC-4A58-9349-BAE17064D706}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [UDP Query User{38E98AB5-A5BD-468E-A07D-48B6A2771D35}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [{22E67D42-71EE-4BDE-9261-281F551E1BD5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E1DBFE8-6B1B-4A79-B719-F1430E5172D4}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [UDP Query User{3F06E140-9AD6-4DB2-BBD3-4B0188A7972B}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [TCP Query User{18D630E8-A374-47FD-83F3-383588B5CBB3}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [UDP Query User{65202322-CCB5-43B3-B4D0-2A6D1767CC3E}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [TCP Query User{537719F0-A846-4346-9A67-C19B7B9FD9F7}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [UDP Query User{75AC2AFB-A714-4403-ACBB-447B4CC671CE}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [{BA15CB80-96D2-41AB-A811-55B932BF5F48}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{4F983578-EF26-4942-8D89-490BF9AEF57F}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{9FEC3CA9-AD7F-41EC-9D0F-4C56FFF6ED6D}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [{9EBCD385-8CC3-4362-B87B-DAF725E28EBF}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{27784A5F-3E3B-43C0-BE2C-6E05190658FB}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [UDP Query User{74FADE77-0C55-4603-A78A-5DCC7E6F0732}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [TCP Query User{DBE7E813-D991-4F5B-A41A-383C60F013F5}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{1F39176F-3A26-409D-A0C5-459FBAB31039}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{39313C56-680C-4C38-B249-0CDF7B5543DE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A3436D77-AB29-439D-8A3F-5DB744675782}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{AB501570-EFCB-44EB-B8D2-51A84C29D8DF}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [UDP Query User{B665B328-90E8-4F22-8974-468701054A43}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [{0C748F88-96D3-4631-A252-5DFAC2CF4265}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{3986A006-7B64-4EB9-82D0-2B7CBA1778EE}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{6597CB7D-5614-43F9-B8CC-1E989F84F28D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F55D85C-969E-4A71-9571-2525BE4D0F6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39B04C3D-B012-4BA9-B249-BF9C052F07FF}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [UDP Query User{99DC6BEF-EBC2-4F02-948D-891EA13CB20F}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [TCP Query User{89D9A7B2-1B2A-4B1B-B25C-124924554789}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{C6DEFDBE-C5FE-4C96-8B2A-803F791791BB}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [TCP Query User{3B31FE70-4F11-4EC0-ADBF-6723B7F7CCDA}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [UDP Query User{B1489B47-8F54-4E87-8D94-11300E95C709}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [{9FDA6E54-35FC-4E44-B4E9-B7357557D800}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E030201E-52A2-4155-BB93-120C274AE149}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DF2FD8E-2CD7-44EA-A926-A1DD6B667C94}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1004B879-BDBA-429F-94EC-36776180B139}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A32517CE-437D-4C91-A1D2-9B26F8B6897B}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [{546D825C-C0DA-4240-96B3-841F31867E16}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF8067F2-79B7-4FE7-9D9E-234D2643086F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9370C4F1-2BAE-486D-B6B5-0BD74FAD06E4}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{13A66C83-22C9-4655-8BBD-C0E55544D488}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{37F18C06-305C-431C-88A3-0FC3EC339B9D}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2C43D41B-DE77-488C-BBFF-F3BC0D77E8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D137316-6008-4188-B6A4-8A19EEFD02F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C31164FF-670C-4421-88F6-A1FD2122674A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [UDP Query User{43EE5955-2A2F-4D90-B876-039C4A95C95A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [TCP Query User{761F2BF1-A38E-4F2E-AEB8-1FEBE45155D5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5434C314-0EAA-4BD3-B9C0-C5A8D45A464B}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [TCP Query User{EBF03F23-7F9D-417C-9CEB-CB529D40D876}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{905A5DA8-0E46-4A52-A5E4-F2D46928A3D8}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [TCP Query User{2B0E7919-0DAA-43A9-A20F-77BC1A0A7BBD}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [UDP Query User{B953840D-07ED-44F8-85CD-DF6636A0EB81}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [TCP Query User{7BD3957B-7ADF-4616-8403-2D19A8F1C3C9}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [UDP Query User{91E617AF-F8CD-437D-8A55-4F0FE007FBC4}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [TCP Query User{14350D9D-6781-41CB-9D25-EA45044F0350}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [UDP Query User{02EFACF4-1698-48AD-8BFE-051CEAA7DB5A}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [TCP Query User{BF062D11-48F7-49CA-8F0A-DD34762A7BB0}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
FirewallRules: [UDP Query User{30FD45FB-77E7-42F9-9DC3-AC05D87F4176}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
==================== Faulty Device Manager Devices =============
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/13/2015 02:44:21 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/13/2015 01:56:21 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/13/2015 01:32:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/12/2015 09:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/12/2015 08:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/12/2015 07:08:44 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/12/2015 06:03:01 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/12/2015 03:56:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/12/2015 03:08:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/11/2015 10:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
System errors:
=============
Error: (12/13/2015 02:44:21 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/13/2015 01:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/13/2015 01:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/13/2015 01:56:22 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/13/2015 01:32:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/13/2015 01:32:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/13/2015 01:32:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (12/12/2015 05:23:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/12/2015 04:06:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/12/2015 03:56:29 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
==================== Memory info ===========================
Processor: AMD Athlon(tm) 5350 APU with Radeon(tm) R3
Percentage of memory in use: 36%
Total physical RAM: 3522.6 MB
Available physical RAM: 2228.27 MB
Total Virtual: 9664.8 MB
Available Virtual: 8161.63 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:8.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4F5F4095)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 58.7 GB) (Disk ID: 55D5A24D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
--- --- --- |
|
14.12.2015, 13:34
| #9 |
| /// TB-Ausbilder | infizierte .doc Datei geöffnet - Banking Trojaner? Servus, Hinweis: Der Suchlauf mit ESET kann länger dauern. Avast deaktivieren, damit es keine Probleme bei Schritt 1 bereitet! Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
Tcpip\..\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}: [DhcpNameServer] 46.246.46.46 194.132.32.23
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NetworkProxy: "type", 0
Task: {EF1B2409-F863-40D6-99DC-6FDA1720BE68} - System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => pcalua.exe -a D:\DirectX81\dxsetup.exe -d D:\DirectX81
C:\Windows\system32\Drivers\etc\hosts
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
14.12.2015, 19:53
| #10 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Hoi, anbei das volle Programm. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by BUN (2015-12-14 17:53:22) Run:1
Running from C:\Users\BUN\Desktop
Loaded Profiles: BUN (Available Profiles: BUN)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
Tcpip\..\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}: [DhcpNameServer] 46.246.46.46 194.132.32.23
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NetworkProxy: "type", 0
Task: {EF1B2409-F863-40D6-99DC-6FDA1720BE68} - System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => pcalua.exe -a D:\DirectX81\dxsetup.exe -d D:\DirectX81
C:\Windows\system32\Drivers\etc\hosts
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A5E2E802-2E6C-47F5-893C-7A82D6450F94}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Firefox Proxy settings were reset.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1B2409-F863-40D6-99DC-6FDA1720BE68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1B2409-F863-40D6-99DC-6FDA1720BE68}" => key removed successfully
C:\Windows\System32\Tasks\{533B3A72-C546-4737-9C57-C2BCB10D0B00} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{533B3A72-C546-4737-9C57-C2BCB10D0B00}" => key removed successfully
C:\Windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========= End of CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= End of CMD: =========
EmptyTemp: => 60.7 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 17:53:28 ====
Code:
ATTFilter
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=60cbb979bc11374da50461dc494664c5
# end=init
# utc_time=2015-12-14 05:01:25
# local_time=2015-12-14 06:01:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27191
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=60cbb979bc11374da50461dc494664c5
# end=updated
# utc_time=2015-12-14 05:09:00
# local_time=2015-12-14 06:09:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=60cbb979bc11374da50461dc494664c5
# engine=27191
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-14 06:17:32
# local_time=2015-12-14 07:17:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 84 8796 43012520 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 295275 201746902 0 0
# scanned=217038
# found=2
# cleaned=0
# scan_time=4111
sh=8258A3FD5E26C32FEB09EC02907B19B5EF9FD548 ft=1 fh=bae112a5a89590e2 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\BUN\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe"
sh=64C63505096186996B6CAB3B009E80D257BBF075 ft=1 fh=f64f4ef24f987c38 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Users\BUN\Downloads\PSDViewer32Setup.exe"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by BUN (administrator) on BUN (14-12-2015 19:43:19)
Running from C:\Users\BUN\Desktop
Loaded Profiles: BUN (Available Profiles: BUN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Beepa P/L) C:\Program Files\Fraps\fraps.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(SparkLabs) C:\Program Files\Viscosity\Viscosity.exe
(Dropbox, Inc.) C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Beepa P/L) C:\Program Files\Fraps\fraps64.dat
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-14] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-08-05] (TrueCrypt Foundation)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Viscosity] => C:\Program Files\Viscosity\Viscosity.exe [1434400 2015-09-07] (SparkLabs)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [Dropbox Update] => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-14] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{117EA0DF-6107-47CA-8291-AF29CC15F5BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{60B6F006-A789-47D5-BC6A-265DF6BA7D9F}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{C4CB63A8-1223-4CB1-AD9C-E94D3E936B8B}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000 -> {2277E17C-2BD4-4CD4-81CC-CF6F8CC0A52D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2977046599-1652667645-1297689053-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoogleMapsClassic.src [2014-10-09]
FF Extension: Greasemonkey - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-21]
FF Extension: Youtube MP3 Podcaster - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-12-12]
FF Extension: Lightbeam - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-12-11]
FF Extension: YouTube™ Flash-HTML5 - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2015-10-26]
FF Extension: uBlock Origin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\uBlock0@raymondhill.net.xpi [2015-12-13]
FF Extension: YouTube Unblocker - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\youtubeunblocker__web@unblocker.yt [2015-12-12]
FF Extension: BugMeNot Plugin - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2015-09-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\zwsomlqj.default-1434228995644\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-14] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [83232 2015-09-07] (SparkLabs)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 FirebirdServerMAGIXInstance; J:\Programme\Common\Database\bin\fbserver.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-14] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-09-07] (The OpenVPN Project)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 SVKP; \??\C:\Windows\system32\SVKP.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-14 18:01 - 2015-12-14 19:17 - 00001807 _____ C:\Users\BUN\Desktop\ESETlog.txt
2015-12-14 18:00 - 2015-12-14 18:01 - 02870984 _____ (ESET) C:\Users\BUN\Desktop\esetsmartinstaller_deu.exe
2015-12-14 17:55 - 2015-12-14 17:59 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-14 17:55 - 2015-12-14 17:55 - 11323704 _____ (SurfRight B.V.) C:\Users\BUN\Desktop\HitmanPro_x64.exe
2015-12-14 17:53 - 2015-12-14 17:53 - 00003210 _____ C:\Users\BUN\Desktop\Fixlog.txt
2015-12-14 17:50 - 2015-12-14 17:50 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-14 17:50 - 2015-12-14 17:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-13 21:47 - 2015-12-13 23:07 - 00000000 ____D C:\Users\BUN\Downloads\Bilder
2015-12-13 19:27 - 2015-12-13 19:32 - 28165303 _____ C:\Users\BUN\Downloads\The Legend of Kyrandia 1 (CD DOS).zip
2015-12-13 15:52 - 2015-12-14 01:02 - 00000000 ____D C:\Users\BUN\Desktop\scummvm-1.7.0-win32
2015-12-13 15:51 - 2015-12-13 15:51 - 10434637 _____ C:\Users\BUN\Downloads\scummvm-1.7.0-win32.zip
2015-12-13 15:45 - 2015-12-13 15:48 - 29554178 _____ C:\Users\BUN\Downloads\The Legend of Kyrandia 1 (CD DOS, German).zip
2015-12-13 15:34 - 2015-12-13 15:34 - 00001256 _____ C:\Users\BUN\Desktop\mbam.txt
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 ____D C:\Users\BUN\Desktop\FRST-OlderVersion
2015-12-13 14:14 - 2015-12-13 14:14 - 00000747 _____ C:\Users\BUN\Desktop\JRTlog.txt
2015-12-13 14:05 - 2015-12-13 14:18 - 00000548 _____ C:\Users\BUN\Desktop\JRT.txt
2015-12-13 13:41 - 2015-12-14 17:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:40 - 2015-12-13 13:40 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-13 13:40 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-13 13:40 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-13 13:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 13:39 - 2015-12-13 13:39 - 00000653 _____ C:\Users\BUN\Desktop\AdwCleaner[S2].txt
2015-12-13 13:35 - 2015-12-13 13:35 - 22908888 _____ (Malwarebytes ) C:\Users\BUN\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-13 13:35 - 2015-12-13 13:35 - 01599336 _____ (Malwarebytes) C:\Users\BUN\Desktop\JRT.exe
2015-12-13 13:34 - 2015-12-13 13:34 - 01738240 _____ C:\Users\BUN\Desktop\AdwCleaner_5.024.exe
2015-12-12 17:36 - 2015-12-12 15:21 - 00000765 _____ C:\Users\BUN\Documents\indexfile.txt
2015-12-12 17:30 - 2015-12-12 17:30 - 00055528 _____ C:\Users\BUN\Desktop\combofixlog.txt
2015-12-12 17:26 - 2015-12-12 17:26 - 00055528 _____ C:\ComboFix.txt
2015-12-12 15:33 - 2015-12-12 17:26 - 00000000 ____D C:\Qoobox
2015-12-12 15:33 - 2015-12-12 17:24 - 00000000 ____D C:\Windows\erdnt
2015-12-12 15:33 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-12 15:33 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-12 15:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-12 15:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-12 15:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-12 15:33 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-12 15:33 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-12 15:33 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-12 15:32 - 2015-12-12 15:32 - 05640685 ____R (Swearware) C:\Users\BUN\Desktop\ComboFix.exe
2015-12-12 15:23 - 2015-12-12 15:31 - 2072652361 _____ C:\Users\BUN\Desktop\Thunderbird 38.4.0 (de) - 2015-12-12.pcv
2015-12-12 15:21 - 2015-12-12 15:22 - 98944038 _____ C:\Users\BUN\Desktop\Firefox 43.0 (x86 de) - 2015-12-12.pcv
2015-12-12 15:20 - 2015-12-12 15:20 - 01035926 _____ C:\Users\BUN\Downloads\MozBackup-1.5.1-EN.exe
2015-12-12 15:20 - 2015-12-12 15:20 - 00001031 _____ C:\Users\Public\Desktop\MozBackup.lnk
2015-12-12 15:20 - 2015-12-12 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2015-12-12 15:20 - 2015-12-12 15:20 - 00000000 ____D C:\Program Files (x86)\MozBackup
2015-12-12 15:19 - 2015-12-12 15:19 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 15:17 - 2015-12-12 15:17 - 00018683 _____ C:\Users\BUN\Desktop\bookmarks-2015-12-12.json
2015-12-11 21:17 - 2015-12-11 21:21 - 00218604 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_21.17.12_log.txt
2015-12-11 21:16 - 2015-12-11 21:16 - 00000490 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_21.16.14_log.txt
2015-12-11 21:02 - 2015-12-11 21:03 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\BUN\Desktop\tdsskiller.exe
2015-12-11 20:29 - 2015-12-11 20:36 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-12-11 20:29 - 2015-12-11 20:29 - 01917528 _____ (Mister Group ) C:\Users\BUN\Downloads\SystemExplorerSetup_700.exe
2015-12-11 20:29 - 2015-12-11 20:29 - 00001090 _____ C:\Users\Public\Desktop\System Explorer.lnk
2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-12-11 20:29 - 2015-12-11 20:29 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-12-11 18:32 - 2015-12-13 15:29 - 00044290 _____ C:\Users\BUN\Desktop\Addition.txt
2015-12-11 18:31 - 2015-12-14 19:43 - 00022491 _____ C:\Users\BUN\Desktop\FRST.txt
2015-12-11 18:31 - 2015-12-14 19:43 - 00000000 ____D C:\FRST
2015-12-11 18:30 - 2015-12-13 15:11 - 02369536 _____ (Farbar) C:\Users\BUN\Desktop\FRST64.exe
2015-12-11 11:35 - 2015-12-11 11:35 - 00246154 _____ C:\Users\BUN\AppData\Local\recently-used.xbel
2015-12-11 10:44 - 2015-12-11 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 12:47 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 12:47 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 12:47 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 12:47 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 12:47 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 12:47 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 12:47 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 12:47 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 12:47 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 12:47 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 12:47 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 12:47 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 12:47 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 12:47 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 12:47 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 12:47 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 12:46 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 12:46 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 12:46 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 12:46 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 12:46 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 12:46 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 12:46 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 12:46 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 12:46 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 12:46 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 12:46 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 12:46 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 12:46 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 12:46 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 12:46 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 12:46 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 12:46 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 12:46 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 12:46 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 12:46 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 12:46 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 12:46 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 12:46 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 12:46 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 12:46 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 12:46 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 12:46 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 12:46 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 12:46 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 12:46 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 12:46 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 12:46 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 12:46 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 12:46 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 12:46 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 12:46 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 12:46 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 12:46 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 12:46 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 12:46 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 12:46 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 12:46 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 12:46 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 12:46 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 12:46 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 12:46 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 12:46 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 12:46 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 12:46 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 12:46 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 12:46 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 12:46 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 12:46 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 12:46 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-06 22:25 - 2015-12-06 22:25 - 00000000 _____ C:\Users\BUN\Desktop\19-20 maa kat.txt
2015-12-05 16:00 - 2015-12-05 16:00 - 00001135 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001121 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk
2015-12-05 16:00 - 2015-12-05 16:00 - 00001046 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk
2015-12-04 19:34 - 2015-12-04 19:34 - 25357772 _____ C:\Users\BUN\Downloads\VCStarterV1.65.1.zip
2015-12-04 18:47 - 2015-12-04 18:47 - 04147600 _____ ($Co_Name Inc.) C:\Users\BUN\Downloads\unifying250.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 18483337 _____ (Wrye Bash development team) C:\Users\BUN\Downloads\Wrye Bash 306 - Installer-1840-306.exe
2015-12-04 04:18 - 2015-12-04 04:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2015-12-04 04:15 - 2015-12-04 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2015-12-04 04:14 - 2015-12-04 04:14 - 01668612 _____ C:\Users\BUN\Downloads\obmm 1_1_12 full installer-2097.zip
2015-12-03 21:58 - 2015-12-03 21:58 - 10226263 _____ C:\Users\BUN\Downloads\Patch.v1.01.rar
2015-12-03 21:58 - 2015-12-03 21:58 - 07987371 _____ C:\Users\BUN\Downloads\vietcong_v141.7z
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 19:24 - 2015-12-03 19:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 16:21 - 2015-12-03 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-30 02:28 - 2015-11-30 02:28 - 00049133 _____ C:\Users\BUN\Desktop\Rücksendung Nähmaschine fuss fehlt.pdf
2015-11-25 23:39 - 2015-11-25 23:39 - 00000000 _____ C:\Users\BUN\Desktop\28.12 sperrmüll mariola.txt
2015-11-20 20:50 - 2015-11-20 20:51 - 56909694 _____ C:\Users\BUN\Downloads\Waving The Guns - Pflaster.mp4
2015-11-20 19:58 - 2015-11-20 19:59 - 17068918 _____ C:\Users\BUN\Downloads\Spax - Neuseeland.mp4
2015-11-18 00:48 - 2015-11-27 19:26 - 00008022 _____ C:\Users\BUN\.heldEinstellungen4_1.xml
2015-11-18 00:48 - 2015-11-27 19:26 - 00000000 ____D C:\Users\BUN\helden
2015-11-18 00:45 - 2015-11-18 15:02 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-18 00:45 - 2015-11-18 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2015-11-16 23:13 - 2015-11-16 23:13 - 11228750 _____ C:\Users\BUN\Downloads\media-540ec999.wav
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI4all
2015-11-16 23:08 - 2015-11-16 23:08 - 00000000 ____D C:\Program Files (x86)\MIDI4all
2015-11-16 23:07 - 2015-11-16 23:07 - 93092356 _____ (Webdesign-Forum.de ) C:\Users\BUN\Downloads\setup_1_.exe
2015-11-16 22:55 - 2015-11-16 23:01 - 00001647 _____ C:\Users\BUN\Desktop\test.MID
2015-11-16 22:55 - 2015-11-16 22:55 - 00039832 _____ C:\Users\BUN\Desktop\test.LSO
2015-11-16 22:39 - 2015-11-16 22:39 - 00013668 _____ C:\Windows\Logic Fun.PRF
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Users\BUN\Downloads\LogicFunPC
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\emagic
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\emagic
2015-11-16 22:24 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-11-16 22:23 - 2015-11-16 22:23 - 08138153 _____ C:\Users\BUN\Downloads\LogicFunPC.zip
2015-11-16 22:08 - 2015-11-16 22:10 - 00000000 ____D C:\Program Files (x86)\milkytracker-0.90.86-winnt
2015-11-16 22:07 - 2015-11-16 22:07 - 01416674 _____ C:\Users\BUN\Downloads\milkytracker-0.90.86-winnt.zip
2015-11-16 21:59 - 2015-11-16 22:09 - 00003314 _____ C:\Windows\DMUSProd.INI
2015-11-16 21:59 - 2015-11-16 22:01 - 00000000 ____D C:\Users\BUN\Documents\DMUSProducer
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectMusic
2015-11-16 21:59 - 2015-11-16 21:59 - 00000000 ____D C:\Program Files (x86)\Microsoft DirectMusic Producer
2015-11-16 21:59 - 1999-02-22 00:00 - 00241672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
2015-11-16 21:59 - 1997-08-26 12:06 - 00315904 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-11-16 21:57 - 2015-11-16 21:58 - 10339192 _____ C:\Users\BUN\Downloads\DX81MusicProducer.exe
2015-11-16 17:48 - 2015-11-16 17:48 - 19050975 _____ C:\Users\BUN\Downloads\Sekaiju4.5.zip
2015-11-16 17:48 - 2015-11-16 17:48 - 00000000 ____D C:\Program Files (x86)\Sekaiju4.5
2015-11-16 17:46 - 2015-11-16 17:46 - 00047244 _____ C:\Users\BUN\Downloads\05- Makin´ Whoopee - Gerry Mulligan.mid
2015-11-16 17:41 - 2015-11-16 17:50 - 00000000 ____D C:\Program Files (x86)\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:41 - 2015-11-16 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2015-11-16 17:40 - 2015-11-16 17:40 - 00761380 _____ C:\Users\BUN\Downloads\azmid170.exe
2015-11-15 22:25 - 2015-11-16 02:05 - 00000236 _____ C:\Users\BUN\Desktop\samples.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-14 19:27 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 19:27 - 2009-07-14 05:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-14 18:51 - 2014-08-03 23:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-14 17:59 - 2014-08-05 19:45 - 00696932 _____ C:\Windows\system32\perfh007.dat
2015-12-14 17:59 - 2014-08-05 19:45 - 00148900 _____ C:\Windows\system32\perfc007.dat
2015-12-14 17:59 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 17:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-14 17:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-14 17:54 - 2015-02-07 01:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-14 17:54 - 2014-10-18 17:54 - 00003152 _____ C:\Windows\System32\Tasks\FRAPS
2015-12-14 17:54 - 2014-10-18 17:53 - 00000000 ____D C:\Program Files\Fraps
2015-12-14 17:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-14 17:53 - 2014-09-25 15:38 - 00000000 ____D C:\Users\BUN\AppData\LocalLow\Temp
2015-12-14 17:53 - 2014-08-03 23:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-12-14 17:50 - 2014-08-03 23:22 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-14 17:50 - 2014-08-03 23:22 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-14 01:02 - 2014-11-02 23:21 - 00001689 _____ C:\Windows\scummvm.ini
2015-12-13 15:53 - 2014-12-08 23:32 - 00000000 ____D C:\Users\BUN\AppData\Roaming\ScummVM
2015-12-13 13:37 - 2015-04-07 14:22 - 00000000 ____D C:\AdwCleaner
2015-12-12 17:23 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-12 15:19 - 2015-01-27 21:59 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Dropbox
2015-12-11 18:17 - 2014-08-03 23:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-11 14:45 - 2014-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-11 13:47 - 2014-09-07 19:02 - 00000000 ____D C:\Users\BUN\.gimp-2.8
2015-12-11 11:35 - 2014-09-07 19:05 - 00000000 ____D C:\Users\BUN\AppData\Local\gtk-2.0
2015-12-11 00:21 - 2014-08-05 22:18 - 00000000 ____D C:\Users\BUN\AppData\Roaming\vlc
2015-12-10 20:48 - 2014-09-15 19:55 - 00000000 ____D C:\Users\BUN\Documents\Rezepte
2015-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 12:17 - 2009-07-14 05:45 - 04858136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 21:08 - 2014-08-04 10:40 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 21:01 - 2014-08-04 10:40 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 12:16 - 2014-08-04 12:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-12-09 12:16 - 2014-08-04 12:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-12-08 23:51 - 2014-08-03 23:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 23:51 - 2014-08-03 23:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 23:51 - 2014-08-03 23:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-06 14:40 - 2014-10-09 15:35 - 00000311 ___RH C:\Windows\ctfile.rfc
2015-12-05 16:01 - 2014-08-06 20:17 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 16:00 - 2014-11-18 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-04 18:50 - 2015-01-13 23:27 - 00000000 ____D C:\Users\BUN\AppData\Local\Logitech
2015-12-04 18:49 - 2014-08-03 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-12-04 04:21 - 2014-08-16 20:00 - 00000023 _____ C:\Windows\BlendSettings.ini
2015-12-03 21:31 - 2015-02-07 01:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 21:31 - 2015-02-07 01:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 21:31 - 2015-02-07 01:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 17:39 - 2014-11-06 16:56 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Skype
2015-12-02 13:18 - 2014-08-03 23:13 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-27 19:27 - 2014-11-18 12:38 - 00000000 ____D C:\Users\BUN\Documents\dsa
2015-11-27 19:16 - 2015-02-11 02:02 - 00000417 _____ C:\Users\BUN\.dsa4.properties
2015-11-27 19:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-26 11:26 - 2014-08-04 11:08 - 00000000 ____D C:\Users\BUN\AppData\Roaming\DAEMON Tools Lite
2015-11-25 19:29 - 2015-06-16 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 22:02 - 2014-08-28 20:31 - 00000034 _____ C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2015-11-23 13:30 - 2015-01-15 21:46 - 00000000 ____D C:\Users\BUN\AppData\Roaming\Media Player Classic
2015-11-18 00:48 - 2014-08-03 21:19 - 00000000 ____D C:\Users\BUN
2015-11-18 00:47 - 2015-02-11 03:09 - 00085037 _____ C:\Users\BUN\helden.xml
2015-11-18 00:47 - 2015-02-11 02:02 - 00003708 _____ C:\Users\BUN\.heldEinstellungen.xml
2015-11-16 22:34 - 2014-08-03 23:15 - 00067840 _____ C:\Users\BUN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-16 22:24 - 2009-07-14 03:34 - 00000455 _____ C:\Windows\win.ini
==================== Files in the root of some directories =======
2014-08-28 20:31 - 2015-11-24 22:02 - 0000034 _____ () C:\Users\BUN\AppData\Roaming\AdobeWLCMCache.dat
2014-10-17 12:46 - 2014-12-26 19:47 - 0000803 _____ () C:\Users\BUN\AppData\Roaming\gnuplot_history
2015-02-01 23:44 - 2015-02-01 23:44 - 0000331 ____H () C:\Users\BUN\AppData\Local\CacheConfig.dat
2015-12-11 11:35 - 2015-12-11 11:35 - 0246154 _____ () C:\Users\BUN\AppData\Local\recently-used.xbel
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2009-02-24 11:40 - 2009-02-24 11:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 15:36
==================== End of FRST.txt ============================
|
|
14.12.2015, 19:54
| #11 |
| | infizierte .doc Datei geöffnet - Banking Trojaner?Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by BUN (2015-12-14 19:44:11)
Running from C:\Users\BUN\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-03 20:18:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2977046599-1652667645-1297689053-500 - Administrator - Disabled)
BUN (S-1-5-21-2977046599-1652667645-1297689053-1000 - Administrator - Enabled) => C:\Users\BUN
Guest (S-1-5-21-2977046599-1652667645-1297689053-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Anno 1503 GOLD (HKLM-x32\...\Anno 1503 GOLD_is1) (Version: - GamersGate)
Armagetron Advanced 0.2.8.3.2 (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.3.2 - Armagetron Advanced Team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Broken Sword - The Shadow of the Templars (HKLM-x32\...\Broken Sword - The Shadow of the Templars_is1) (Version: - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fahrenheit (Indigo Prophecy) (HKLM-x32\...\GOGPACKFAHRENHEIT_is1) (Version: 2.0.0.7 - GOG.com)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
gnuplot 4.6.6 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 4.6.6 - gnuplot development team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG)
Gothic Multiplayer (HKLM-x32\...\Gothic Multiplayer) (Version: 0.1.9 - Gothic Multiplayer Team)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto Vice City (HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Heroes of Annihilated Empires (HKLM-x32\...\Heroes of Annihilated Empires_is1) (Version: - GSC Game World)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logic Fun 4.8 (HKLM-x32\...\Logic Fun 4.8) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft DirectMusic Producer (HKLM-x32\...\DirectMusic Producer) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIDI4all (HKLM-x32\...\{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1) (Version: MIDI4all 1.5 - Webdesign-Forum.de)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 43.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 de)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 de)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need For Speed Underground (v 1.1001.0) version 1.1001.0 (HKLM-x32\...\Need For Speed Underground (v 1.1001.0)_is1) (Version: 1.1001.0 - Black Plague)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Outland ENG 1.00 (HKLM-x32\...\Outland ENG 1.00) (Version: 1.00 - Èãðû íà Cat-A-Cat.NET)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM-x32\...\{8B0A956F-9BE6-495B-AF80-7B5B42061D79}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project Nomads (HKLM-x32\...\Project Nomads) (Version: - )
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Satti's Texturpatch 1.5 (HKLM-x32\...\Sattis_Texturpatch) (Version: - )
Schein version 1.0.7 (HKLM-x32\...\{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1) (Version: 1.0.7 - Zeppelin Studio)
Sins of a Solar Empire Trinity (HKLM-x32\...\Sins of a Solar Empire Trinity_is1) (Version: - Stardock Entertainment)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Stream What You Hear (SWYH) Version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
The Forest v0.05 (HKLM-x32\...\The Forest v0.050.05) (Version: 0.05 - Friends in War)
ThielHater's Texturepatch v1.0.2 (HKLM-x32\...\ThielHater's Texturepatch_is1) (Version: 1.0 - ThielHater © 2007-2009)
Tropico (HKLM-x32\...\{818FB39B-1A57-4F1B-A54D-391C33D6C586}) (Version: - )
Tropico: Paradise Island (HKLM-x32\...\{2BAE6A53-E241-11D5-873A-0050DABC2539}) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Viscosity 1.5.10 (1385) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.5.10.1385 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
XnView 2.31 (HKLM-x32\...\XnView_is1) (Version: 2.31 - Gougelet Pierre-e)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977046599-1652667645-1297689053-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BUN\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-12-14 17:53 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03AB49A5-CC1F-4044-AF72-91F3E69A8FDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {16C1E1F5-F59B-4E1C-8CA2-FBB7FB12C859} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {18D48FFE-AE2F-4642-BB8F-CF15C47F81D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {1EC69B59-7666-4A24-AF6C-637CE27473C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {22FE4F64-F1D4-4A30-AF8B-F9001CF20BDF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-14] (AVAST Software)
Task: {355CFB12-189B-493A-ADB5-9B96C9D74F01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {4CB05B81-66DC-417A-871C-8CECCCCF3CED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {5B0E87F9-6BD5-4E02-B5CC-69999C239466} - System32\Tasks\FRAPS => C:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {7E35BD39-3E00-4443-B3FA-F04EF93AF19C} - System32\Tasks\AdobeAAMUpdater-1.0-BUN-BUN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AFBF4D9E-87F2-4624-98B9-A3F9FBC369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {ECCA614C-87DE-40E3-88BA-DD2934C9A974} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000Core.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2977046599-1652667645-1297689053-1000UA.job => C:\Users\BUN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-09 15:36 - 2009-11-30 18:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-09 15:36 - 2009-12-08 15:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-17 14:39 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-14 17:50 - 2015-12-14 17:50 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-14 17:50 - 2015-12-14 17:50 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-14 17:47 - 2015-12-14 17:47 - 02803712 _____ () C:\Program Files\AVAST Software\Avast\defs\15121400\algo.dll
2015-12-14 17:50 - 2015-12-14 17:50 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-14 17:50 - 2015-12-14 17:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2977046599-1652667645-1297689053-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^BUN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN GUI.lnk => C:\Windows\pss\OpenVPN GUI.lnk.Startup
MSCONFIG\startupreg: ACSW17DE => "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Viscosity => C:\Program Files\Viscosity\Viscosity.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4327D6D5-A0F2-410D-8092-0B32E2349286}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6E43EBFD-2560-4FEF-A575-C172FEFD0FAC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C2E665DF-38FD-41E4-BD98-CEB3F55A99B6}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{25417818-D42D-4AB6-81B1-2078D02AB5FA}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{078CD343-B791-4933-B62D-BF2ABEC304B3}] => (Block) J:\Programme\Illustrator\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{619C0ABF-F05E-44B7-AAE2-6B2BFB039F4A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [TCP Query User{52E2E571-C4CC-4A58-9349-BAE17064D706}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [UDP Query User{38E98AB5-A5BD-468E-A07D-48B6A2771D35}J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe] => (Allow) J:\desktop\games\siedler2multiplayer\s25rttr_20140724\s25client.exe
FirewallRules: [{22E67D42-71EE-4BDE-9261-281F551E1BD5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E1DBFE8-6B1B-4A79-B719-F1430E5172D4}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [UDP Query User{3F06E140-9AD6-4DB2-BBD3-4B0188A7972B}C:\games\outland eng\outland.exe] => (Block) C:\games\outland eng\outland.exe
FirewallRules: [TCP Query User{18D630E8-A374-47FD-83F3-383588B5CBB3}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [UDP Query User{65202322-CCB5-43B3-B4D0-2A6D1767CC3E}J:\games\garrys.mod.13.v163\garry's mod\hl2.exe] => (Block) J:\games\garrys.mod.13.v163\garry's mod\hl2.exe
FirewallRules: [TCP Query User{537719F0-A846-4346-9A67-C19B7B9FD9F7}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [UDP Query User{75AC2AFB-A714-4403-ACBB-447B4CC671CE}J:\games\heroesofae\data\engine.exe] => (Allow) J:\games\heroesofae\data\engine.exe
FirewallRules: [{BA15CB80-96D2-41AB-A811-55B932BF5F48}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{4F983578-EF26-4942-8D89-490BF9AEF57F}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{9FEC3CA9-AD7F-41EC-9D0F-4C56FFF6ED6D}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [{9EBCD385-8CC3-4362-B87B-DAF725E28EBF}] => (Allow) J:\games\AOE2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{27784A5F-3E3B-43C0-BE2C-6E05190658FB}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [UDP Query User{74FADE77-0C55-4603-A78A-5DCC7E6F0732}J:\games\stronghold crusaders x\stronghold crusader.exe] => (Allow) J:\games\stronghold crusaders x\stronghold crusader.exe
FirewallRules: [TCP Query User{DBE7E813-D991-4F5B-A41A-383C60F013F5}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{1F39176F-3A26-409D-A0C5-459FBAB31039}J:\games\aoe2\age2_x1\age2_x2.exe] => (Allow) J:\games\aoe2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{39313C56-680C-4C38-B249-0CDF7B5543DE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A3436D77-AB29-439D-8A3F-5DB744675782}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{AB501570-EFCB-44EB-B8D2-51A84C29D8DF}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [UDP Query User{B665B328-90E8-4F22-8974-468701054A43}J:\games\anno 1503\1503startup.exe] => (Allow) J:\games\anno 1503\1503startup.exe
FirewallRules: [{0C748F88-96D3-4631-A252-5DFAC2CF4265}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{3986A006-7B64-4EB9-82D0-2B7CBA1778EE}] => (Block) J:\games\anno 1503\1503startup.exe
FirewallRules: [{6597CB7D-5614-43F9-B8CC-1E989F84F28D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F55D85C-969E-4A71-9571-2525BE4D0F6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39B04C3D-B012-4BA9-B249-BF9C052F07FF}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [UDP Query User{99DC6BEF-EBC2-4F02-948D-891EA13CB20F}J:\games\stronghold hd\stronghold.exe] => (Allow) J:\games\stronghold hd\stronghold.exe
FirewallRules: [TCP Query User{89D9A7B2-1B2A-4B1B-B25C-124924554789}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{C6DEFDBE-C5FE-4C96-8B2A-803F791791BB}J:\games\soldat\soldat.exe] => (Allow) J:\games\soldat\soldat.exe
FirewallRules: [TCP Query User{3B31FE70-4F11-4EC0-ADBF-6723B7F7CCDA}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [UDP Query User{B1489B47-8F54-4E87-8D94-11300E95C709}J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe] => (Block) J:\desktop\games\siedler ii\s25rttr_0.8.1\s25client.exe
FirewallRules: [{9FDA6E54-35FC-4E44-B4E9-B7357557D800}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E030201E-52A2-4155-BB93-120C274AE149}] => (Allow) C:\Users\BUN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DF2FD8E-2CD7-44EA-A926-A1DD6B667C94}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1004B879-BDBA-429F-94EC-36776180B139}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A32517CE-437D-4C91-A1D2-9B26F8B6897B}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [{546D825C-C0DA-4240-96B3-841F31867E16}] => (Allow) J:\Programme\µtorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF8067F2-79B7-4FE7-9D9E-234D2643086F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9370C4F1-2BAE-486D-B6B5-0BD74FAD06E4}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{13A66C83-22C9-4655-8BBD-C0E55544D488}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{37F18C06-305C-431C-88A3-0FC3EC339B9D}C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bun\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2C43D41B-DE77-488C-BBFF-F3BC0D77E8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D137316-6008-4188-B6A4-8A19EEFD02F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C31164FF-670C-4421-88F6-A1FD2122674A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [UDP Query User{43EE5955-2A2F-4D90-B876-039C4A95C95A}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe
FirewallRules: [TCP Query User{761F2BF1-A38E-4F2E-AEB8-1FEBE45155D5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5434C314-0EAA-4BD3-B9C0-C5A8D45A464B}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [TCP Query User{EBF03F23-7F9D-417C-9CEB-CB529D40D876}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{905A5DA8-0E46-4A52-A5E4-F2D46928A3D8}J:\games\counter strike 1.6\counter strike 1.6\hl.exe] => (Allow) J:\games\counter strike 1.6\counter strike 1.6\hl.exe
FirewallRules: [TCP Query User{2B0E7919-0DAA-43A9-A20F-77BC1A0A7BBD}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [UDP Query User{B953840D-07ED-44F8-85CD-DF6636A0EB81}J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe] => (Allow) J:\games\downhill pakoon! 2.many unlimited 2009\pakoon2.exe
FirewallRules: [TCP Query User{7BD3957B-7ADF-4616-8403-2D19A8F1C3C9}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [UDP Query User{91E617AF-F8CD-437D-8A55-4F0FE007FBC4}J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe] => (Allow) J:\games\unreal tournament\unrealtournament\system\unrealtournament.exe
FirewallRules: [TCP Query User{14350D9D-6781-41CB-9D25-EA45044F0350}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [UDP Query User{02EFACF4-1698-48AD-8BFE-051CEAA7DB5A}J:\games\cossacks anthology\cossacks - european wars\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - european wars\dmcr.exe
FirewallRules: [TCP Query User{BF062D11-48F7-49CA-8F0A-DD34762A7BB0}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
FirewallRules: [UDP Query User{30FD45FB-77E7-42F9-9DC3-AC05D87F4176}J:\games\cossacks anthology\cossacks - art of war\dmcr.exe] => (Allow) J:\games\cossacks anthology\cossacks - art of war\dmcr.exe
==================== Faulty Device Manager Devices =============
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/14/2015 07:42:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/14/2015 07:40:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (12/14/2015 06:42:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
Error: (12/14/2015 06:01:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (12/14/2015 06:01:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (12/14/2015 06:01:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (12/14/2015 05:54:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/14/2015 05:51:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/14/2015 05:45:33 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (12/14/2015 12:30:13 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
System errors:
=============
Error: (12/14/2015 06:42:10 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (12/14/2015 06:08:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (12/14/2015 06:08:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\BUN\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/14/2015 06:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (12/14/2015 06:08:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\BUN\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/14/2015 06:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (12/14/2015 06:08:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\BUN\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/14/2015 06:02:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (12/14/2015 06:02:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\BUN\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/14/2015 06:02:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
==================== Memory info ===========================
Processor: AMD Athlon(tm) 5350 APU with Radeon(tm) R3
Percentage of memory in use: 58%
Total physical RAM: 3522.6 MB
Available physical RAM: 1468.45 MB
Total Virtual: 9664.8 MB
Available Virtual: 7393.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:10.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4F5F4095)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 58.7 GB) (Disk ID: 55D5A24D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
|
|
14.12.2015, 21:06
| #12 | ||||||||
| /// TB-Ausbilder | infizierte .doc Datei geöffnet - Banking Trojaner? Infizierte .doc Datei löschen, falls noch vorhanden. Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\Users\BUN\Downloads\PSDViewer32Setup.exe
C:\Users\BUN\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst... und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen:
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
14.12.2015, 23:30
| #13 |
| | infizierte .doc Datei geöffnet - Banking Trojaner? Super vielen Dank. Anbei schonmal die Log. Ich melde mich gleich nochmal nachden alles bereinigt ist. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by BUN (2015-12-14 21:20:51) Run:2
Running from C:\Users\BUN\Desktop
Loaded Profiles: BUN (Available Profiles: BUN)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
C:\Users\BUN\Downloads\PSDViewer32Setup.exe
C:\Users\BUN\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe
Reboot:
end
*****************
Processes closed successfully.
C:\Users\BUN\Downloads\PSDViewer32Setup.exe => moved successfully
C:\Users\BUN\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe => moved successfully
The system needed a reboot.
==== End of Fixlog 21:20:52 ====
Matthias für deine ganze Mühe Was für eine Bedrohung wurde denn nun gefunden oder war alles ok? Werden euch dann mal eine nun hoffentlich sichere Spende zukommen lassen. |
|
15.12.2015, 16:57
| #14 |
| /// TB-Ausbilder | infizierte .doc Datei geöffnet - Banking Trojaner? Nichts bedenkliches. Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu infizierte .doc Datei geöffnet - Banking Trojaner? |
| .doc invoice, antivirus, browser, defender, dnsapi.dll, downloader, fehler, firefox, flash player, google, helper, home, infizierte, mozilla, mp3, registry, rundll, scan, secur, services.exe, software, svchost.exe, temp, tower, trojaner, trojaner?, ublock, ublock origin, udp, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
