Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Finanzamt Trojaner rechtzeitig von Sophos geblockt?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.09.2014, 19:59   #1
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo Trojaner-Experten,

ich habe die sogenannte Finanzamt-E-Mail bekommen. Dort war die zip-Datei mit angehängt, die ich entpackt habe und (versucht) habe zu öffnen. Versucht deshalb, weil ich kein Word habe, sondern lediglich den Word-Viewer und Open Office und deshalb die Datei nicht zu öffnen war (Fehler: "Makros müssen aktiviert werden"). Kurz darauf kam von Sophos der Hinweis, dass ein Trojaner in die Quarantäne verschoben wurde. Jetzt würde ich gerne wissen, ob mein Computer tatsächlich dem Trojaner entgangen ist (immerhin habe ich schon alles durchgeführt) oder ob ich noch einmal Glück hatte.
Leider finde ich in meinem Sophos keine weiteren Informationen mehr über den Trojaner - ich habe aber gemäß Anleitung sämtliche Files erstellt:

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 07/09/2014 (Pippin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Pippin (administrator) on PIP on 07-09-2014 19:25:34
Running from C:\Users\Pippin\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Policies\Explorer: [NoDrives] 0x00000000
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218696 2014-07-29] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [222280 2014-07-29] (Sophos Limited)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
U0 msahci; No ImagePath
U3 fxloapow; \??\C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 19:24 - 2014-09-07 19:25 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:23 - 2014-09-07 19:25 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:22 - 2014-09-07 19:25 - 00000000 ____D () C:\FRST
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-04 20:07 - 2014-09-04 20:10 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:33 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 09:33 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-11 20:41 - 2014-09-04 21:53 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-08-11 20:41 - 2014-09-04 21:53 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 19:25 - 2014-09-07 19:24 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:25 - 2014-09-07 19:23 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:25 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin
2014-09-07 19:14 - 2012-11-02 13:43 - 01883270 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-07 19:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-07 19:10 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2014-09-07 19:10 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2014-09-07 19:10 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp
2014-09-04 20:10 - 2014-09-04 20:07 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 23:00 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat
2014-08-27 23:00 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat
2014-08-27 23:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 22:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-27 22:49 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 22:21 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-14 20:25 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:22 - 2013-02-23 17:19 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 22:31 - 2013-09-02 19:47 - 00000984 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk
2014-08-12 22:31 - 2013-09-02 19:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-12 22:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-10 21:15 - 2013-02-21 06:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:12 - 2012-07-26 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:36 - 2014-01-13 22:54 - 00000000 ____D () C:\Users\Pippin\Documents\My Digital Editions
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
C:\Users\Pippin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 22:22

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Pippin at 2014-09-07 19:25:59
Running from C:\Users\Pippin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D-Fend Reloaded 1.3.3 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.7.4.317 - Sophos Limited)
Spellforce 2 Gold (HKLM-x32\...\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}) (Version: 1.00.0000 - JoWooD Productions Software AG)
SpellForce 2 Patch (x32 Version: 1.0.0 - JoWood) Hidden
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-06-2014 17:55:50 Geplanter Prüfpunkt
06-07-2014 18:19:04 Windows Update
17-07-2014 18:16:12 Geplanter Prüfpunkt
30-07-2014 20:08:01 Windows Update
13-08-2014 07:33:59 Windows Update
27-08-2014 20:46:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {157FE703-085E-42B4-8226-FA60C8803A12} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C90A4CE-7715-40BF-AD27-57F85AD216EB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {38FD6AC5-0A95-4B51-9B6D-A81689FB8135} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {4B4C7FC8-5693-4386-8779-AFBCACA13E74} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {8EBD91EF-B474-4FA7-9594-CDFEB186531C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B36BC086-5809-4F2D-9D71-F02DE2CAC57D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8512B0D-B80B-4958-AEB1-1DBDE3804D92} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D5327D3B-00E9-48D8-8987-C7E61DBF7AA8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F179B12B-EA30-43EB-9CF8-A460B65185BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {FEFF0835-7777-4C44-8F95-2A90E87027B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-29] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2011-04-14 03:40 - 2011-04-14 03:40 - 00968192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2012-09-07 06:41 - 2012-07-30 13:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe
2012-09-07 06:41 - 2012-07-30 13:27 - 00030592 _____ () C:\Windows\system32\DptfPolicyConfigTDPService.exe
2014-03-19 22:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-09-07 06:39 - 2012-08-15 19:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-11-02 13:31 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-09-07 19:10 - 2014-09-07 19:10 - 00043008 _____ () c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-31 20:30 - 2014-07-31 20:31 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:48862C37

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (08/09/2014 10:00:08 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {46986115-84D6-459C-8F95-52DD653E532E}

Error: (08/09/2014 03:58:32 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (08/09/2014 03:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/09/2014 03:58:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Laufwerke optimieren erreicht.

Error: (08/09/2014 03:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (08/02/2014 07:13:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (08/02/2014 07:13:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (08/02/2014 07:13:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (08/02/2014 07:12:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (08/02/2014 07:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.52 MB
Available physical RAM: 2196.08 MB
Total Pagefile: 4685.52 MB
Available Pagefile: 2858.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:112.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:236.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-07 19:42:52
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000041 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: jyff14mu.exe; Driver: C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text    C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                               000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text    C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                               000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                      000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                      000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                    000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text    C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                                                                                 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text    C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                                                                                 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text    C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                                                                               000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text    C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                       000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text    C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                       000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                        000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                        000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                      000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text    C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                    000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text    C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                    000007fe234f1782 4 bytes [4F, 23, FE, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [3748:4668]                                                                                                                                                                              fffff9600063a5e8
---- Processes - GMER 2.1 ----

Process  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (FILE NOT FOUND)                                                         0000000000400000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-07-30 00:20:20)                                                0000000003bc0000
Library  c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-09-07 17:10:42)  0000000004790000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2013-08-23 19:01:44)                                                      0000000068fa0000
Library  C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        000000006d2f0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
Bei GMER kamen zwei Fehlermeldungen, dass auf einige Dateien nicht zugegriffen werden konnte, weil sie von einem anderen Programm verwendet werden.
Da das (zum Glück) mein erster Post hier ist, bin ich mir nicht ganz sicher, wie viel Informationen benötigt werden. Falls ich das falsch mache, dann entschuldigt das bitte.

Vielen Dank schon einmal für die Hilfe.

Geändert von Pip2 (07.09.2014 um 20:09 Uhr)

Alt 07.09.2014, 21:39   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 07.09.2014, 22:26   #3
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo,

vielen Dank für die schnelle Hilfe. Ich weiß nicht, ob das Zufall war, aber während des mbar-Scans hat auch mein Sophos ein Objekt in die Quarantäne geschoben. Kann sein, dass deswegen bei keinem der beiden ein Fund angezeigt wurde. Hier die Logs:
Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.07.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17054
Pippin :: PIP [administrator]

07.09.2014 21:49:39
mbar-log-2014-09-07 (21-49-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 340190
Time elapsed: 20 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller:
Code:
ATTFilter
22:19:33.0704 0x0ef8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
22:19:33.0704 0x0ef8  UEFI system
22:19:36.0267 0x0ef8  ============================================================
22:19:36.0267 0x0ef8  Current date / time: 2014/09/07 22:19:36.0267
22:19:36.0267 0x0ef8  SystemInfo:
22:19:36.0267 0x0ef8  
22:19:36.0267 0x0ef8  OS Version: 6.2.9200 ServicePack: 0.0
22:19:36.0267 0x0ef8  Product type: Workstation
22:19:36.0267 0x0ef8  ComputerName: PIP
22:19:36.0267 0x0ef8  UserName: Pippin
22:19:36.0267 0x0ef8  Windows directory: C:\Windows
22:19:36.0267 0x0ef8  System windows directory: C:\Windows
22:19:36.0267 0x0ef8  Running under WOW64
22:19:36.0267 0x0ef8  Processor architecture: Intel x64
22:19:36.0267 0x0ef8  Number of processors: 4
22:19:36.0267 0x0ef8  Page size: 0x1000
22:19:36.0267 0x0ef8  Boot type: Normal boot
22:19:36.0267 0x0ef8  ============================================================
22:19:36.0517 0x0ef8  System UUID: {40495AC8-2A7D-4EC2-D1F1-10FD9DEDB8FF}
22:19:37.0564 0x0ef8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:37.0579 0x0ef8  ============================================================
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0:
22:19:37.0579 0x0ef8  GPT partitions:
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5A60FFF2-384A-4168-AD7B-7BA25C03C910}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5DA02B32-607A-4C63-88EF-00499BD6E05C}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x12C000
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6C501A91-71A5-45D8-A9EE-2E2A1C427258}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6E182189-B0E3-479A-AC74-8E69452D7C66}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x1749C000
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BE7E04AC-FB01-44FD-9571-E0B001652322}, Name: Basic data partition, StartLBA 0x1769E800, BlocksNum 0x204E2800
22:19:37.0579 0x0ef8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4D42C26D-2C85-4EBF-88EC-7A83A4814A61}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
22:19:37.0579 0x0ef8  MBR partitions:
22:19:37.0579 0x0ef8  ============================================================
22:19:37.0579 0x0ef8  C: <-> \Device\Harddisk0\DR0\Partition4
22:19:37.0611 0x0ef8  D: <-> \Device\Harddisk0\DR0\Partition5
22:19:37.0611 0x0ef8  ============================================================
22:19:37.0611 0x0ef8  Initialize success
22:19:37.0626 0x0ef8  ============================================================
22:19:44.0763 0x0480  ============================================================
22:19:44.0763 0x0480  Scan started
22:19:44.0763 0x0480  Mode: Manual; SigCheck; TDLFS; 
22:19:44.0763 0x0480  ============================================================
22:19:44.0763 0x0480  KSN ping started
22:19:47.0122 0x0480  KSN ping finished: true
22:19:48.0076 0x0480  ================ Scan system memory ========================
22:19:48.0076 0x0480  System memory - ok
22:19:48.0076 0x0480  ================ Scan services =============================
22:19:48.0216 0x0480  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
22:19:48.0372 0x0480  1394ohci - ok
22:19:48.0404 0x0480  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\Windows\system32\drivers\3ware.sys
22:19:48.0451 0x0480  3ware - ok
22:19:48.0513 0x0480  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:19:48.0576 0x0480  ACPI - ok
22:19:48.0607 0x0480  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
22:19:48.0654 0x0480  acpiex - ok
22:19:48.0669 0x0480  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
22:19:48.0732 0x0480  acpipagr - ok
22:19:48.0747 0x0480  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
22:19:48.0794 0x0480  AcpiPmi - ok
22:19:48.0826 0x0480  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
22:19:48.0904 0x0480  acpitime - ok
22:19:48.0966 0x0480  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:19:49.0060 0x0480  AdobeARMservice - ok
22:19:49.0107 0x0480  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:19:49.0185 0x0480  adp94xx - ok
22:19:49.0232 0x0480  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:19:49.0294 0x0480  adpahci - ok
22:19:49.0310 0x0480  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:19:49.0357 0x0480  adpu320 - ok
22:19:49.0404 0x0480  [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:19:49.0482 0x0480  AeLookupSvc - ok
22:19:49.0551 0x0480  [ FE7FB9612D354EB41DF4F0FF5D6FB259, 98D5BD9C1300195C49CB0717A831A06D99F7AE631D5EA065E10BFE7C2FA57A18 ] AFD             C:\Windows\system32\drivers\afd.sys
22:19:49.0644 0x0480  AFD - ok
22:19:49.0754 0x0480  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
22:19:49.0863 0x0480  AgereSoftModem - ok
22:19:49.0894 0x0480  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:19:49.0941 0x0480  agp440 - ok
22:19:49.0973 0x0480  [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
22:19:50.0019 0x0480  AiCharger - ok
22:19:50.0051 0x0480  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\Windows\System32\alg.exe
22:19:50.0129 0x0480  ALG - ok
22:19:50.0160 0x0480  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:19:50.0207 0x0480  AllUserInstallAgent - ok
22:19:50.0238 0x0480  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
22:19:50.0301 0x0480  AmdK8 - ok
22:19:50.0332 0x0480  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
22:19:50.0410 0x0480  AmdPPM - ok
22:19:50.0441 0x0480  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:19:50.0473 0x0480  amdsata - ok
22:19:50.0519 0x0480  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:19:50.0566 0x0480  amdsbs - ok
22:19:50.0598 0x0480  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:19:50.0629 0x0480  amdxata - ok
22:19:50.0644 0x0480  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\Windows\system32\drivers\appid.sys
22:19:50.0738 0x0480  AppID - ok
22:19:50.0769 0x0480  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:19:50.0832 0x0480  AppIDSvc - ok
22:19:50.0879 0x0480  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\Windows\System32\appinfo.dll
22:19:50.0926 0x0480  Appinfo - ok
22:19:50.0957 0x0480  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\Windows\system32\drivers\arc.sys
22:19:51.0004 0x0480  arc - ok
22:19:51.0035 0x0480  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:19:51.0066 0x0480  arcsas - ok
22:19:51.0129 0x0480  [ FA713019412C061385F09BD373BF747A, 83ED108FEE95BA7CBE87C845154F97FCB4597F9D9BEC1F802B92D8994BD5931D ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:19:51.0316 0x0480  ASLDRService - ok
22:19:51.0332 0x0480  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:19:51.0363 0x0480  ASMMAP64 - ok
22:19:51.0410 0x0480  [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
22:19:51.0488 0x0480  ASUS InstantOn - ok
22:19:51.0504 0x0480  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:51.0566 0x0480  AsyncMac - ok
22:19:51.0598 0x0480  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:19:51.0629 0x0480  atapi - ok
22:19:51.0863 0x0480  [ D55EBCD80CA519020338F75E420FDF3F, C78AEA2C30177121C61231D33512287767E899DB8B75B6A889D14A703485D5E4 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
22:19:52.0191 0x0480  athr - ok
22:19:52.0238 0x0480  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:19:52.0363 0x0480  ATKGFNEXSrv - ok
22:19:52.0379 0x0480  [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:19:52.0410 0x0480  ATKWMIACPIIO - ok
22:19:52.0426 0x0480  [ 437EB91CB20144375DDE145149778405, 5E76CDE2B3C852755F6E54AF774E9BECDF472103D83B815899333DE268536B98 ] ATP             C:\Windows\System32\drivers\AsusTP.sys
22:19:52.0473 0x0480  ATP - ok
22:19:52.0520 0x0480  [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:19:52.0598 0x0480  AudioEndpointBuilder - ok
22:19:52.0676 0x0480  [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:19:52.0785 0x0480  Audiosrv - ok
22:19:52.0832 0x0480  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:19:52.0879 0x0480  AxInstSV - ok
22:19:52.0957 0x0480  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:19:53.0035 0x0480  b06bdrv - ok
22:19:53.0066 0x0480  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
22:19:53.0129 0x0480  BasicDisplay - ok
22:19:53.0145 0x0480  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
22:19:53.0191 0x0480  BasicRender - ok
22:19:53.0238 0x0480  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\Windows\System32\bdesvc.dll
22:19:53.0301 0x0480  BDESVC - ok
22:19:53.0332 0x0480  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\Windows\system32\drivers\Beep.sys
22:19:53.0395 0x0480  Beep - ok
22:19:53.0457 0x0480  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\Windows\System32\bfe.dll
22:19:53.0566 0x0480  BFE - ok
22:19:53.0645 0x0480  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\Windows\System32\qmgr.dll
22:19:53.0770 0x0480  BITS - ok
22:19:53.0801 0x0480  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:19:53.0863 0x0480  bowser - ok
22:19:53.0895 0x0480  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:19:53.0957 0x0480  BrokerInfrastructure - ok
22:19:54.0004 0x0480  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\Windows\System32\browser.dll
22:19:54.0066 0x0480  Browser - ok
22:19:54.0098 0x0480  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
22:19:54.0160 0x0480  BthAvrcpTg - ok
22:19:54.0192 0x0480  [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
22:19:54.0254 0x0480  BthEnum - ok
22:19:54.0285 0x0480  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
22:19:54.0363 0x0480  BthHFEnum - ok
22:19:54.0395 0x0480  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
22:19:54.0442 0x0480  bthhfhid - ok
22:19:54.0473 0x0480  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
22:19:54.0551 0x0480  BTHMODEM - ok
22:19:54.0567 0x0480  [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:19:54.0629 0x0480  BthPan - ok
22:19:54.0723 0x0480  [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:19:54.0832 0x0480  BTHPORT - ok
22:19:54.0879 0x0480  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\Windows\system32\bthserv.dll
22:19:54.0942 0x0480  bthserv - ok
22:19:54.0973 0x0480  [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:19:55.0020 0x0480  BTHUSB - ok
22:19:55.0051 0x0480  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:19:55.0113 0x0480  cdfs - ok
22:19:55.0145 0x0480  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
22:19:55.0192 0x0480  cdrom - ok
22:19:55.0238 0x0480  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:19:55.0317 0x0480  CertPropSvc - ok
22:19:55.0348 0x0480  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\Windows\System32\drivers\circlass.sys
22:19:55.0442 0x0480  circlass - ok
22:19:55.0488 0x0480  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\Windows\system32\drivers\CLFS.sys
22:19:55.0567 0x0480  CLFS - ok
22:19:55.0785 0x0480  [ FE0CFEDA0CFC71F1FF0F77E85CA1FE1F, D067024F9110CEEF573152275DAB100943B59A36E58B342B5CC764FC3C917834 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
22:19:56.0035 0x0480  ClickToRunSvc - ok
22:19:56.0082 0x0480  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
22:19:56.0129 0x0480  CmBatt - ok
22:19:56.0192 0x0480  [ DBF9E5346431557BF56F41E7F8EC0DC1, D5FA34C873DA9BE40301D53198355556506AB5145B78B14D0AA88570A0058589 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:19:56.0270 0x0480  CNG - ok
22:19:56.0317 0x0480  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
22:19:56.0410 0x0480  CompositeBus - ok
22:19:56.0426 0x0480  COMSysApp - ok
22:19:56.0442 0x0480  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\Windows\system32\drivers\condrv.sys
22:19:56.0504 0x0480  condrv - ok
22:19:56.0598 0x0480  [ 9F5AFC3EE57412798B1A559B620386A0, DD50CDCEC64EB83B86FA3720919620233E2E963B4067234AF5DB5472F8B388BA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:19:56.0707 0x0480  cphs - ok
22:19:56.0739 0x0480  [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:19:56.0801 0x0480  CryptSvc - ok
22:19:56.0832 0x0480  [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam             C:\Windows\system32\drivers\dam.sys
22:19:56.0879 0x0480  dam - ok
22:19:56.0957 0x0480  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:19:57.0067 0x0480  DcomLaunch - ok
22:19:57.0114 0x0480  [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc       C:\Windows\System32\defragsvc.dll
22:19:57.0207 0x0480  defragsvc - ok
22:19:57.0239 0x0480  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
22:19:57.0332 0x0480  DeviceAssociationService - ok
22:19:57.0364 0x0480  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
22:19:57.0426 0x0480  DeviceInstall - ok
22:19:57.0473 0x0480  [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
22:19:57.0520 0x0480  Dfsc - ok
22:19:57.0567 0x0480  [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:19:57.0660 0x0480  Dhcp - ok
22:19:57.0692 0x0480  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\Windows\system32\drivers\discache.sys
22:19:57.0754 0x0480  discache - ok
22:19:57.0785 0x0480  [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk            C:\Windows\system32\drivers\disk.sys
22:19:57.0832 0x0480  disk - ok
22:19:57.0848 0x0480  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
22:19:57.0895 0x0480  dmvsc - ok
22:19:57.0926 0x0480  [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:19:58.0004 0x0480  Dnscache - ok
22:19:58.0035 0x0480  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\Windows\System32\dot3svc.dll
22:19:58.0098 0x0480  dot3svc - ok
22:19:58.0129 0x0480  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\Windows\system32\dps.dll
22:19:58.0207 0x0480  DPS - ok
22:19:58.0239 0x0480  [ 0EB108FDBF4662E2666DAEDF79BBFED9, AEE54F582CC1E2CF382F95FBF93FA7BF96640DD230310CE8827ED211B6F53E1D ] DptfDevDram     C:\Windows\system32\DRIVERS\DptfDevDram.sys
22:19:58.0270 0x0480  DptfDevDram - ok
22:19:58.0285 0x0480  [ 02262B2DD70E27D7C9F05D7F44135D28, F055261722729C6854193EC4EC887C39B69435AF42197005F8D060665EBFCAAD ] DptfDevFan      C:\Windows\system32\DRIVERS\DptfDevFan.sys
22:19:58.0317 0x0480  DptfDevFan - ok
22:19:58.0332 0x0480  [ 1A251FC32063972B4EEDEC43637061ED, 1D5C62FF2BF9B811586C648AD5615FD09EAAAB0D1346493B2BBA0A904B7F7AEC ] DptfDevGen      C:\Windows\system32\DRIVERS\DptfDevGen.sys
22:19:58.0364 0x0480  DptfDevGen - ok
22:19:58.0379 0x0480  [ 2986DF25D67710EB415BFDEB5EBDD486, 4378C70610B41F95714FAB9581C5AB840704FC0A6268E9394FA1B624CF108F1A ] DptfDevPch      C:\Windows\system32\DRIVERS\DptfDevPch.sys
22:19:58.0426 0x0480  DptfDevPch - ok
22:19:58.0442 0x0480  [ 6C3A9CF2037ADDFDC3AB96B04797AE12, B339F0019B690F66C76D34AE1ECD8CA315C8BB820452B3A5824829C9379CF313 ] DptfDevProc     C:\Windows\system32\DRIVERS\DptfDevProc.sys
22:19:58.0489 0x0480  DptfDevProc - ok
22:19:58.0535 0x0480  [ 593BFE1580F26864AFA2B3CDF3EEF71F, 71052F4DCCC5E1A78176599AB0A330FD3D0038C2C59DC0CC635DCF4FB3FB3630 ] DptfManager     C:\Windows\system32\DRIVERS\DptfManager.sys
22:19:58.0598 0x0480  DptfManager - ok
22:19:58.0614 0x0480  [ 3EBB900BA3BC774CABEBE2BED3200B8C, FC8D5BEA88909F7932C3F55EEF1EB95F0BCC7FFCCA820A20BAC46B894FA26264 ] DptfParticipantProcessorService C:\Windows\system32\DptfParticipantProcessorService.exe
22:19:58.0645 0x0480  DptfParticipantProcessorService - ok
22:19:58.0660 0x0480  [ 15FB795C1683ACC47989875E0CC5ED0B, 6F5D36547F87FB7D593477A01EA82B8A4069CBDF61095643A627943F558288A3 ] DptfPolicyConfigTDPService C:\Windows\system32\DptfPolicyConfigTDPService.exe
22:19:58.0692 0x0480  DptfPolicyConfigTDPService - ok
22:19:58.0723 0x0480  [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:19:58.0785 0x0480  drmkaud - ok
22:19:58.0817 0x0480  [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
22:19:58.0879 0x0480  DsmSvc - ok
22:19:59.0004 0x0480  [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:19:59.0145 0x0480  DXGKrnl - ok
22:19:59.0192 0x0480  [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress      C:\Windows\system32\DRIVERS\e1i63x64.sys
22:19:59.0301 0x0480  e1iexpress - ok
22:19:59.0332 0x0480  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\Windows\System32\eapsvc.dll
22:19:59.0395 0x0480  Eaphost - ok
22:19:59.0661 0x0480  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:19:59.0942 0x0480  ebdrv - ok
22:19:59.0973 0x0480  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS             C:\Windows\System32\lsass.exe
22:20:00.0036 0x0480  EFS - ok
22:20:00.0067 0x0480  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
22:20:00.0114 0x0480  EhStorClass - ok
22:20:00.0145 0x0480  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
22:20:00.0192 0x0480  EhStorTcgDrv - ok
22:20:00.0207 0x0480  [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
22:20:00.0254 0x0480  ErrDev - ok
22:20:00.0332 0x0480  [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem     C:\Windows\system32\es.dll
22:20:00.0426 0x0480  EventSystem - ok
22:20:00.0457 0x0480  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat           C:\Windows\system32\drivers\exfat.sys
22:20:00.0536 0x0480  exfat - ok
22:20:00.0567 0x0480  [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:20:00.0614 0x0480  fastfat - ok
22:20:00.0692 0x0480  [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax             C:\Windows\system32\fxssvc.exe
22:20:00.0786 0x0480  Fax - ok
22:20:00.0801 0x0480  [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc             C:\Windows\System32\drivers\fdc.sys
22:20:00.0848 0x0480  fdc - ok
22:20:00.0864 0x0480  [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:20:00.0926 0x0480  fdPHost - ok
22:20:00.0942 0x0480  [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:20:01.0020 0x0480  FDResPub - ok
22:20:01.0051 0x0480  [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc           C:\Windows\system32\fhsvc.dll
22:20:01.0114 0x0480  fhsvc - ok
22:20:01.0145 0x0480  [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:20:01.0192 0x0480  FileInfo - ok
22:20:01.0207 0x0480  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:20:01.0270 0x0480  Filetrace - ok
22:20:01.0301 0x0480  [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
22:20:01.0348 0x0480  flpydisk - ok
22:20:01.0395 0x0480  [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:20:01.0457 0x0480  FltMgr - ok
22:20:01.0567 0x0480  [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache       C:\Windows\system32\FntCache.dll
22:20:01.0739 0x0480  FontCache - ok
22:20:01.0817 0x0480  [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:20:01.0911 0x0480  FontCache3.0.0.0 - ok
22:20:01.0942 0x0480  [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:20:01.0973 0x0480  FsDepends - ok
22:20:01.0989 0x0480  [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:20:02.0036 0x0480  Fs_Rec - ok
22:20:02.0098 0x0480  [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:20:02.0161 0x0480  fvevol - ok
22:20:02.0192 0x0480  [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
22:20:02.0254 0x0480  FxPPM - ok
22:20:02.0286 0x0480  [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:20:02.0317 0x0480  gagp30kx - ok
22:20:02.0348 0x0480  [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
22:20:02.0395 0x0480  gencounter - ok
22:20:02.0426 0x0480  [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
22:20:02.0473 0x0480  GPIOClx0101 - ok
22:20:02.0583 0x0480  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:20:02.0739 0x0480  gpsvc - ok
22:20:02.0801 0x0480  [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:20:02.0879 0x0480  HdAudAddService - ok
22:20:02.0911 0x0480  [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
22:20:02.0973 0x0480  HDAudBus - ok
22:20:03.0004 0x0480  [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
22:20:03.0051 0x0480  HidBatt - ok
22:20:03.0083 0x0480  [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth          C:\Windows\System32\drivers\hidbth.sys
22:20:03.0145 0x0480  HidBth - ok
22:20:03.0161 0x0480  [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
22:20:03.0223 0x0480  hidi2c - ok
22:20:03.0270 0x0480  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\Windows\System32\drivers\hidir.sys
22:20:03.0348 0x0480  HidIr - ok
22:20:03.0364 0x0480  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\Windows\system32\hidserv.dll
22:20:03.0426 0x0480  hidserv - ok
22:20:03.0442 0x0480  [ A9F2301B8D28BB4D887F5AEBB55ACB3A, 886B04224CA0A90B4FD0B9F8D243EED4FBA367D078FB1CAF99EE671FE1FCEC27 ] HIDSwitch       C:\Windows\System32\drivers\AsHIDSwitch64.sys
22:20:03.0473 0x0480  HIDSwitch - ok
22:20:03.0504 0x0480  [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
22:20:03.0551 0x0480  HidUsb - ok
22:20:03.0598 0x0480  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:20:03.0661 0x0480  hkmsvc - ok
22:20:03.0692 0x0480  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:20:03.0770 0x0480  HomeGroupListener - ok
22:20:03.0817 0x0480  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:20:03.0895 0x0480  HomeGroupProvider - ok
22:20:03.0926 0x0480  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:20:03.0973 0x0480  HpSAMD - ok
22:20:04.0051 0x0480  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:20:04.0145 0x0480  HTTP - ok
22:20:04.0176 0x0480  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:20:04.0223 0x0480  hwpolicy - ok
22:20:04.0239 0x0480  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
22:20:04.0301 0x0480  hyperkbd - ok
22:20:04.0333 0x0480  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
22:20:04.0380 0x0480  HyperVideo - ok
22:20:04.0411 0x0480  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
22:20:04.0473 0x0480  i8042prt - ok
22:20:04.0551 0x0480  [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
22:20:04.0630 0x0480  iaStorA - ok
22:20:04.0692 0x0480  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:20:04.0755 0x0480  iaStorV - ok
22:20:05.0364 0x0480  [ 11A31FC2481BFE69B0507ED8C80215F4, 8A1E90611F749E8F04B6D86E835E981CAC16D0841305CADB19E58682DA006698 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:20:05.0989 0x0480  igfx - ok
22:20:06.0051 0x0480  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:20:06.0083 0x0480  iirsp - ok
22:20:06.0176 0x0480  [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:20:06.0286 0x0480  IKEEXT - ok
22:20:06.0567 0x0480  [ 8524178B895E4BC04776B319DA3A70EC, A635EADF6E8BD985B730F2737E8DA36AC71E8FEB759787ECB24D955176622AD2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:20:06.0911 0x0480  IntcAzAudAddService - ok
22:20:06.0973 0x0480  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:20:07.0036 0x0480  IntcDAud - ok
22:20:07.0130 0x0480  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:20:07.0208 0x0480  Intel(R) Capability Licensing Service Interface - ok
22:20:07.0302 0x0480  [ 9656F8E29F6C3161A3E99BCD3A472FF9, 30AD00B53CCB2E4121508729F3471D3C0568F1C32324C398382C97E8BC43ECF0 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:20:07.0395 0x0480  Intel(R) ME Service - ok
22:20:07.0411 0x0480  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:20:07.0458 0x0480  intelide - ok
22:20:07.0489 0x0480  [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
22:20:07.0552 0x0480  intelppm - ok
22:20:07.0583 0x0480  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:07.0645 0x0480  IpFilterDriver - ok
22:20:07.0755 0x0480  [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:20:07.0848 0x0480  iphlpsvc - ok
22:20:07.0895 0x0480  [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
22:20:07.0942 0x0480  IPMIDRV - ok
22:20:07.0989 0x0480  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:20:08.0067 0x0480  IPNAT - ok
22:20:08.0083 0x0480  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:20:08.0130 0x0480  IRENUM - ok
22:20:08.0145 0x0480  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:20:08.0177 0x0480  isapnp - ok
22:20:08.0255 0x0480  [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
22:20:08.0317 0x0480  iScsiPrt - ok
22:20:08.0364 0x0480  [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:20:08.0473 0x0480  jhi_service - ok
22:20:08.0520 0x0480  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
22:20:08.0552 0x0480  kbdclass - ok
22:20:08.0583 0x0480  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
22:20:08.0630 0x0480  kbdhid - ok
22:20:08.0645 0x0480  [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr         C:\Windows\System32\drivers\kbfiltr.sys
22:20:08.0677 0x0480  kbfiltr - ok
22:20:08.0692 0x0480  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
22:20:08.0739 0x0480  kdnic - ok
22:20:08.0755 0x0480  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] KeyIso          C:\Windows\system32\lsass.exe
22:20:08.0802 0x0480  KeyIso - ok
22:20:08.0833 0x0480  [ 8B3EB6372436195B8EA8AE09A184BCE2, 9AFB7A9D6AEEBF5994C85B355155024768116E2D537C9FA169BC3F4594ECD35C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:20:08.0895 0x0480  KSecDD - ok
22:20:08.0911 0x0480  [ 3DD9C86EA88E8B5A51904AD87E1F2E78, F9EC9A571212117C01934CD29057EB1B3FA095F670294244AF7D9387D3F6E555 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:20:08.0958 0x0480  KSecPkg - ok
22:20:08.0989 0x0480  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:20:09.0036 0x0480  ksthunk - ok
22:20:09.0099 0x0480  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:20:09.0177 0x0480  KtmRm - ok
22:20:09.0224 0x0480  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:20:09.0302 0x0480  LanmanServer - ok
22:20:09.0333 0x0480  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:20:09.0411 0x0480  LanmanWorkstation - ok
22:20:09.0458 0x0480  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:20:09.0505 0x0480  lltdio - ok
22:20:09.0552 0x0480  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:20:09.0614 0x0480  lltdsvc - ok
22:20:09.0645 0x0480  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:20:09.0692 0x0480  lmhosts - ok
22:20:09.0739 0x0480  [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:20:10.0349 0x0480  LMS - ok
22:20:10.0380 0x0480  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:20:10.0442 0x0480  LSI_SAS - ok
22:20:10.0458 0x0480  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:20:10.0505 0x0480  LSI_SAS2 - ok
22:20:10.0536 0x0480  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:20:10.0583 0x0480  LSI_SCSI - ok
22:20:10.0599 0x0480  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
22:20:10.0661 0x0480  LSI_SSS - ok
22:20:10.0724 0x0480  [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM             C:\Windows\System32\lsm.dll
22:20:10.0802 0x0480  LSM - ok
22:20:10.0833 0x0480  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:20:10.0911 0x0480  luafv - ok
22:20:10.0942 0x0480  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:20:10.0974 0x0480  megasas - ok
22:20:11.0020 0x0480  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:20:11.0083 0x0480  MegaSR - ok
22:20:11.0114 0x0480  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
22:20:11.0145 0x0480  MEIx64 - ok
22:20:11.0177 0x0480  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\Windows\system32\mmcss.dll
22:20:11.0239 0x0480  MMCSS - ok
22:20:11.0271 0x0480  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\Windows\system32\drivers\modem.sys
22:20:11.0333 0x0480  Modem - ok
22:20:11.0364 0x0480  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\Windows\System32\drivers\monitor.sys
22:20:11.0411 0x0480  monitor - ok
22:20:11.0427 0x0480  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
22:20:11.0474 0x0480  mouclass - ok
22:20:11.0505 0x0480  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
22:20:11.0552 0x0480  mouhid - ok
22:20:11.0583 0x0480  [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:20:11.0630 0x0480  mountmgr - ok
22:20:11.0677 0x0480  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:20:11.0755 0x0480  MozillaMaintenance - ok
22:20:11.0771 0x0480  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:20:11.0833 0x0480  mpsdrv - ok
22:20:11.0911 0x0480  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:20:12.0021 0x0480  MpsSvc - ok
22:20:12.0067 0x0480  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:20:12.0130 0x0480  MRxDAV - ok
22:20:12.0177 0x0480  [ 7A761AEE58658378BBA45D360F874CB0, 31972E63D93E07D92EF69571B7ED1E69B1358DCA5BEED62A9372F6411B4DFDB3 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:12.0255 0x0480  mrxsmb - ok
22:20:12.0286 0x0480  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:12.0349 0x0480  mrxsmb10 - ok
22:20:12.0380 0x0480  [ 697B78CE3925E4FBFC544232A5E9E2EB, 2D03425513572F6098BAAF82C0EDB49EBAB88438971D349CA1917DA0BDB76334 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:12.0442 0x0480  mrxsmb20 - ok
22:20:12.0489 0x0480  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
22:20:12.0552 0x0480  MsBridge - ok
22:20:12.0567 0x0480  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\Windows\System32\msdtc.exe
22:20:12.0646 0x0480  MSDTC - ok
22:20:12.0661 0x0480  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:20:12.0724 0x0480  Msfs - ok
22:20:12.0755 0x0480  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
22:20:12.0802 0x0480  msgpiowin32 - ok
22:20:12.0833 0x0480  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:20:12.0864 0x0480  mshidkmdf - ok
22:20:12.0880 0x0480  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
22:20:12.0927 0x0480  mshidumdf - ok
22:20:12.0942 0x0480  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:20:12.0989 0x0480  msisadrv - ok
22:20:13.0036 0x0480  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:20:13.0083 0x0480  MSiSCSI - ok
22:20:13.0099 0x0480  msiserver - ok
22:20:13.0114 0x0480  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:20:13.0161 0x0480  MSKSSRV - ok
22:20:13.0192 0x0480  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
22:20:13.0239 0x0480  MsLldp - ok
22:20:13.0255 0x0480  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:13.0302 0x0480  MSPCLOCK - ok
22:20:13.0317 0x0480  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:20:13.0364 0x0480  MSPQM - ok
22:20:13.0411 0x0480  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:20:13.0474 0x0480  MsRPC - ok
22:20:13.0505 0x0480  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
22:20:13.0536 0x0480  mssmbios - ok
22:20:13.0567 0x0480  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:20:13.0599 0x0480  MSTEE - ok
22:20:13.0614 0x0480  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
22:20:13.0677 0x0480  MTConfig - ok
22:20:13.0692 0x0480  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:20:13.0755 0x0480  Mup - ok
22:20:13.0771 0x0480  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
22:20:13.0818 0x0480  mvumis - ok
22:20:13.0864 0x0480  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
22:20:13.0943 0x0480  napagent - ok
22:20:13.0989 0x0480  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:20:14.0083 0x0480  NativeWifiP - ok
22:20:14.0114 0x0480  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
22:20:14.0177 0x0480  NcaSvc - ok
22:20:14.0193 0x0480  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
22:20:14.0255 0x0480  NcdAutoSetup - ok
22:20:14.0349 0x0480  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:20:14.0458 0x0480  NDIS - ok
22:20:14.0489 0x0480  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:20:14.0568 0x0480  NdisCap - ok
22:20:14.0599 0x0480  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
22:20:14.0677 0x0480  NdisImPlatform - ok
22:20:14.0708 0x0480  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:14.0771 0x0480  NdisTapi - ok
22:20:14.0802 0x0480  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:14.0880 0x0480  Ndisuio - ok
22:20:14.0911 0x0480  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:15.0005 0x0480  NdisWan - ok
22:20:15.0021 0x0480  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:15.0068 0x0480  NDISWANLEGACY - ok
22:20:15.0114 0x0480  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:20:15.0177 0x0480  NDProxy - ok
22:20:15.0208 0x0480  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
22:20:15.0255 0x0480  Ndu - ok
22:20:15.0286 0x0480  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:20:15.0349 0x0480  NetBIOS - ok
22:20:15.0380 0x0480  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:20:15.0474 0x0480  NetBT - ok
22:20:15.0489 0x0480  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon        C:\Windows\system32\lsass.exe
22:20:15.0536 0x0480  Netlogon - ok
22:20:15.0568 0x0480  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
22:20:15.0646 0x0480  Netman - ok
22:20:15.0693 0x0480  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\Windows\System32\netprofmsvc.dll
22:20:15.0786 0x0480  netprofm - ok
22:20:15.0849 0x0480  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:16.0068 0x0480  NetTcpPortSharing - ok
22:20:16.0599 0x0480  [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
22:20:17.0318 0x0480  NETwNs64 - ok
22:20:17.0365 0x0480  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:20:17.0411 0x0480  nfrd960 - ok
22:20:17.0458 0x0480  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:20:17.0521 0x0480  NlaSvc - ok
22:20:17.0536 0x0480  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:20:17.0615 0x0480  Npfs - ok
22:20:17.0630 0x0480  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
22:20:17.0724 0x0480  npsvctrig - ok
22:20:17.0740 0x0480  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
22:20:17.0802 0x0480  nsi - ok
22:20:17.0833 0x0480  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:20:17.0880 0x0480  nsiproxy - ok
22:20:18.0021 0x0480  [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:20:18.0208 0x0480  Ntfs - ok
22:20:18.0255 0x0480  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
22:20:18.0302 0x0480  Null - ok
22:20:19.0115 0x0480  [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:20:20.0630 0x0480  nvlddmkm - ok
22:20:20.0693 0x0480  [ 918841B2454F4F2BD94479692079490B, 16667315DE4EB5543E176273362791B157223E775ED1CF285330CC8195E0F1BB ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
22:20:20.0724 0x0480  nvpciflt - ok
22:20:20.0771 0x0480  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:20:20.0849 0x0480  nvraid - ok
22:20:20.0865 0x0480  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:20:20.0927 0x0480  nvstor - ok
22:20:21.0021 0x0480  [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:20:21.0130 0x0480  nvsvc - ok
22:20:21.0240 0x0480  [ CBF57D045F325D790D061B97F69E75D6, 18E38A1941F9B7B0A897BBA2A01B4EE15159C08105B5319EDD5D49AF067086FF ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:20:22.0724 0x0480  nvUpdatusService - ok
22:20:22.0771 0x0480  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:20:22.0834 0x0480  nv_agp - ok
22:20:22.0880 0x0480  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:20:23.0099 0x0480  ose - ok
22:20:23.0146 0x0480  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:20:23.0255 0x0480  p2pimsvc - ok
22:20:23.0318 0x0480  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:20:23.0427 0x0480  p2psvc - ok
22:20:23.0474 0x0480  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\Windows\System32\drivers\parport.sys
22:20:23.0552 0x0480  Parport - ok
22:20:23.0584 0x0480  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:20:23.0631 0x0480  partmgr - ok
22:20:23.0677 0x0480  [ 19E41F140A6ADBD38943710DA7FF0E38, AF9FDBEB0E519B7EA034C76077E514FE27138204E9874F4DDEA0B1CB26A45BA0 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:20:23.0771 0x0480  PcaSvc - ok
22:20:23.0818 0x0480  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\Windows\system32\drivers\pci.sys
22:20:23.0865 0x0480  pci - ok
22:20:23.0896 0x0480  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\Windows\system32\drivers\pciide.sys
22:20:23.0943 0x0480  pciide - ok
22:20:23.0974 0x0480  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:20:24.0068 0x0480  pcmcia - ok
22:20:24.0084 0x0480  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\Windows\system32\drivers\pcw.sys
22:20:24.0131 0x0480  pcw - ok
22:20:24.0162 0x0480  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\Windows\system32\drivers\pdc.sys
22:20:24.0193 0x0480  pdc - ok
22:20:24.0271 0x0480  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:20:24.0381 0x0480  PEAUTH - ok
22:20:24.0443 0x0480  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:20:24.0552 0x0480  PerfHost - ok
22:20:24.0693 0x0480  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\Windows\system32\pla.dll
22:20:24.0896 0x0480  pla - ok
22:20:24.0927 0x0480  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:20:24.0974 0x0480  PlugPlay - ok
22:20:25.0006 0x0480  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:20:25.0068 0x0480  PNRPAutoReg - ok
22:20:25.0115 0x0480  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:20:25.0177 0x0480  PNRPsvc - ok
22:20:25.0224 0x0480  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:20:25.0334 0x0480  PolicyAgent - ok
22:20:25.0365 0x0480  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\Windows\system32\umpo.dll
22:20:25.0427 0x0480  Power - ok
22:20:25.0459 0x0480  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:20:25.0521 0x0480  PptpMiniport - ok
22:20:25.0740 0x0480  [ C2D3B3D0060619D5E03E696BD56FF59F, 155954F16B6F9B51BA16F43F1AE6F977B1EC4DE77862C6F6C722293189BE0DD2 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
22:20:26.0006 0x0480  PrintNotify - ok
22:20:26.0053 0x0480  [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor       C:\Windows\System32\drivers\processr.sys
22:20:26.0146 0x0480  Processor - ok
22:20:26.0178 0x0480  [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc         C:\Windows\system32\profsvc.dll
22:20:26.0256 0x0480  ProfSvc - ok
22:20:26.0287 0x0480  [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:20:26.0381 0x0480  Psched - ok
22:20:26.0428 0x0480  [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE           C:\Windows\system32\qwave.dll
22:20:26.0521 0x0480  QWAVE - ok
22:20:26.0553 0x0480  [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:20:26.0615 0x0480  QWAVEdrv - ok
22:20:26.0646 0x0480  [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:20:26.0709 0x0480  RasAcd - ok
22:20:26.0740 0x0480  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:20:26.0803 0x0480  RasAgileVpn - ok
22:20:26.0849 0x0480  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\Windows\System32\rasauto.dll
22:20:26.0943 0x0480  RasAuto - ok
22:20:26.0959 0x0480  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:20:27.0037 0x0480  Rasl2tp - ok
22:20:27.0084 0x0480  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\Windows\System32\rasmans.dll
22:20:27.0178 0x0480  RasMan - ok
22:20:27.0209 0x0480  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:20:27.0287 0x0480  RasPppoe - ok
22:20:27.0303 0x0480  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:20:27.0381 0x0480  RasSstp - ok
22:20:27.0428 0x0480  [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:20:27.0521 0x0480  rdbss - ok
22:20:27.0568 0x0480  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
22:20:27.0631 0x0480  rdpbus - ok
22:20:27.0662 0x0480  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:20:27.0740 0x0480  RDPDR - ok
22:20:27.0787 0x0480  [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:20:27.0834 0x0480  RdpVideoMiniport - ok
22:20:27.0865 0x0480  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:20:27.0943 0x0480  RDPWD - ok
22:20:27.0974 0x0480  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:20:28.0037 0x0480  rdyboost - ok
22:20:28.0068 0x0480  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:20:28.0162 0x0480  RemoteAccess - ok
22:20:28.0193 0x0480  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:20:28.0303 0x0480  RemoteRegistry - ok
22:20:28.0350 0x0480  [ CCBFCABDFE2BC22F0645CEAADDB36004, 279EA9075079F91165027CEFD4FBC61A213CA602EE7DE106F7D2D243468706AA ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
22:20:28.0412 0x0480  RFCOMM - ok
22:20:28.0443 0x0480  [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:20:28.0537 0x0480  RpcEptMapper - ok
22:20:28.0568 0x0480  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\Windows\system32\locator.exe
22:20:28.0631 0x0480  RpcLocator - ok
22:20:28.0709 0x0480  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\Windows\system32\rpcss.dll
22:20:28.0803 0x0480  RpcSs - ok
22:20:28.0850 0x0480  [ 7B386B880EDAD12C5102B448E2A3127C, 9B7906AA6F043533B8665012445D63733C703DB77EAAEFB5985C32437A03D56F ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
22:20:28.0928 0x0480  RSBASTOR - ok
22:20:28.0959 0x0480  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:20:29.0021 0x0480  rspndr - ok
22:20:29.0084 0x0480  [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
22:20:29.0209 0x0480  RTL8168 - ok
22:20:29.0240 0x0480  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
22:20:29.0287 0x0480  s3cap - ok
22:20:29.0318 0x0480  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs           C:\Windows\system32\lsass.exe
22:20:29.0365 0x0480  SamSs - ok
22:20:29.0428 0x0480  [ 987704F962C0C4FD00A6A46492F5F26A, 9967F9A8776047EA8222A16291234AC3D8FC3D3EA2998BC1E2F7D2E8FCD104E8 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
22:20:29.0537 0x0480  SAVAdminService - ok
22:20:29.0553 0x0480  [ 2192AE4D310ADB821B38595150F5A384, 6302713E974BDEEECF047E7D7EF1B19F5D8937A728F6F19B14A77C025F42B43B ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
22:20:29.0615 0x0480  SAVOnAccess - ok
22:20:29.0646 0x0480  [ 1B7CD145B1760EC6FA0D7F07FF44C612, CC62258627911EDFE9DA8611B59DB12EF5DB2B3CE38791CD81F8A8EAFE8F6A29 ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
22:20:29.0740 0x0480  SAVService - ok
22:20:29.0771 0x0480  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:20:29.0850 0x0480  sbp2port - ok
22:20:29.0881 0x0480  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:20:29.0975 0x0480  SCardSvr - ok
22:20:30.0006 0x0480  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:20:30.0068 0x0480  scfilter - ok
22:20:30.0178 0x0480  [ ED40ED9A65F3E79A8C43DD50C5FDADBF, 2323BFAB1BC3D661A376650B7AC14C7780C92BA575DA048F3C7611CDB3F7F04A ] Schedule        C:\Windows\system32\schedsvc.dll
22:20:30.0334 0x0480  Schedule - ok
22:20:30.0365 0x0480  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:20:30.0428 0x0480  SCPolicySvc - ok
22:20:30.0475 0x0480  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
22:20:30.0537 0x0480  sdbus - ok
22:20:30.0584 0x0480  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:20:30.0662 0x0480  SDRSVC - ok
22:20:30.0693 0x0480  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
22:20:30.0740 0x0480  sdstor - ok
22:20:30.0772 0x0480  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:20:30.0850 0x0480  secdrv - ok
22:20:30.0881 0x0480  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
22:20:30.0943 0x0480  seclogon - ok
22:20:30.0959 0x0480  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\System32\sens.dll
22:20:31.0022 0x0480  SENS - ok
22:20:31.0068 0x0480  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:20:31.0147 0x0480  SensrSvc - ok
22:20:31.0162 0x0480  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
22:20:31.0240 0x0480  SerCx - ok
22:20:31.0256 0x0480  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
22:20:31.0303 0x0480  Serenum - ok
22:20:31.0334 0x0480  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
22:20:31.0397 0x0480  Serial - ok
22:20:31.0412 0x0480  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
22:20:31.0475 0x0480  sermouse - ok
22:20:31.0522 0x0480  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:20:31.0615 0x0480  SessionEnv - ok
22:20:31.0647 0x0480  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
22:20:31.0709 0x0480  sfloppy - ok
22:20:31.0756 0x0480  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:20:31.0865 0x0480  SharedAccess - ok
22:20:31.0928 0x0480  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:20:32.0053 0x0480  ShellHWDetection - ok
22:20:32.0100 0x0480  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:20:32.0147 0x0480  SiSRaid2 - ok
22:20:32.0178 0x0480  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:20:32.0225 0x0480  SiSRaid4 - ok
22:20:32.0272 0x0480  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:20:33.0475 0x0480  SkypeUpdate - ok
22:20:33.0553 0x0480  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:20:33.0615 0x0480  SNMPTRAP - ok
22:20:33.0662 0x0480  [ 8A12AB5DE877B8F97D5EE70E16A5C9B2, F9321B8EE9564E2D7E48EE77DB4122EEC2C7B1B2277CB0AA01258CDEED348199 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
22:20:33.0756 0x0480  Sophos AutoUpdate Service - ok
22:20:33.0803 0x0480  [ 69FBE35A8165ADBC313AA7F64B868CA1, 33C1EDACC7D804091ADD1BFF3FE916DF065A1BF038F344EF2A11FE01DE749510 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
22:20:33.0850 0x0480  SophosBootDriver - ok
22:20:33.0912 0x0480  [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
22:20:33.0990 0x0480  spaceport - ok
22:20:34.0022 0x0480  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
22:20:34.0069 0x0480  SpbCx - ok
22:20:34.0131 0x0480  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\Windows\System32\spoolsv.exe
22:20:34.0240 0x0480  Spooler - ok
22:20:34.0569 0x0480  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:20:35.0037 0x0480  sppsvc - ok
22:20:35.0115 0x0480  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:20:35.0209 0x0480  srv - ok
22:20:35.0272 0x0480  [ 8504ADDE9C146C6295B16D13A0007560, 715E3752AE4A276FA8DAFA3B52B699C45D97E747CB25FE4AE307241D206319B7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:20:35.0397 0x0480  srv2 - ok
22:20:35.0444 0x0480  [ BB0F9E19C5CE4DC765B263E2A5561DE1, F7DBC96E049625E4312D8F588FCF2B4AC6318C04D04758982FE9B51DABEC2DAE ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:20:35.0522 0x0480  srvnet - ok
22:20:35.0569 0x0480  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:20:35.0647 0x0480  SSDPSRV - ok
22:20:35.0678 0x0480  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
22:20:35.0725 0x0480  SSPORT - ok
22:20:35.0756 0x0480  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:20:35.0834 0x0480  SstpSvc - ok
22:20:35.0866 0x0480  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:20:35.0912 0x0480  stexstor - ok
22:20:35.0979 0x0480  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\Windows\System32\wiaservc.dll
22:20:36.0057 0x0480  stisvc - ok
22:20:36.0104 0x0480  [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci        C:\Windows\system32\drivers\storahci.sys
22:20:36.0167 0x0480  storahci - ok
22:20:36.0182 0x0480  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
22:20:36.0245 0x0480  storflt - ok
22:20:36.0260 0x0480  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\Windows\system32\storsvc.dll
22:20:36.0323 0x0480  StorSvc - ok
22:20:36.0354 0x0480  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:20:36.0417 0x0480  storvsc - ok
22:20:36.0432 0x0480  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\Windows\system32\svsvc.dll
22:20:36.0528 0x0480  svsvc - ok
22:20:36.0544 0x0480  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\Windows\System32\drivers\swenum.sys
22:20:36.0606 0x0480  swenum - ok
22:20:36.0809 0x0480  [ B3379659D773BFDD3B631F5FEE2FF2B3, AA53EE515BE2821CC30B35BFC18283627E7B8CEE4CDB2C33209B06AA75DA74A6 ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
22:20:37.0762 0x0480  swi_service - ok
22:20:37.0997 0x0480  [ F6A5E474ED27BA7938A1D0CA19F7008B, ED82F6F67BAF823B979F078035981BBC4A44E81565284C52FCED2CFC3D94D358 ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
22:20:38.0263 0x0480  swi_update_64 - ok
22:20:38.0309 0x0480  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\Windows\System32\swprv.dll
22:20:38.0434 0x0480  swprv - ok
22:20:38.0528 0x0480  [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain         C:\Windows\system32\sysmain.dll
22:20:38.0669 0x0480  SysMain - ok
22:20:38.0716 0x0480  [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:20:38.0778 0x0480  SystemEventsBroker - ok
22:20:38.0809 0x0480  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
22:20:38.0888 0x0480  TabletInputService - ok
22:20:38.0934 0x0480  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:20:39.0028 0x0480  TapiSrv - ok
22:20:39.0185 0x0480  [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:20:39.0404 0x0480  Tcpip - ok
22:20:39.0529 0x0480  [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:20:39.0748 0x0480  TCPIP6 - ok
22:20:39.0794 0x0480  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:20:39.0857 0x0480  tcpipreg - ok
22:20:39.0904 0x0480  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:20:39.0982 0x0480  tdx - ok
22:20:40.0013 0x0480  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
22:20:40.0076 0x0480  terminpt - ok
22:20:40.0138 0x0480  [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService     C:\Windows\System32\termsrv.dll
22:20:40.0294 0x0480  TermService - ok
22:20:40.0326 0x0480  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\Windows\system32\themeservice.dll
22:20:40.0404 0x0480  Themes - ok
22:20:40.0435 0x0480  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:20:40.0482 0x0480  THREADORDER - ok
22:20:40.0513 0x0480  [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
22:20:40.0576 0x0480  TimeBroker - ok
22:20:40.0623 0x0480  [ 9512B0ED87A530A786B4DDB97D22DB17, 79E9BBFCFDA31BE3CCEF5A76A65CBDAF3DDDFEAE6F9DC51079A64BE5DE48A2DB ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
22:20:40.0826 0x0480  TomTomHOMEService - ok
22:20:40.0857 0x0480  [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:20:40.0920 0x0480  TPM - ok
22:20:40.0952 0x0480  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\Windows\System32\trkwks.dll
22:20:41.0014 0x0480  TrkWks - ok
22:20:41.0092 0x0480  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:20:41.0155 0x0480  TrustedInstaller - ok
22:20:41.0186 0x0480  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:20:41.0249 0x0480  TsUsbFlt - ok
22:20:41.0264 0x0480  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
22:20:41.0327 0x0480  TsUsbGD - ok
22:20:41.0405 0x0480  [ 41A3F69FBB7CA37A3FC5CD8EF424F199, E83A0E3AF39377C770DE2F2364E45C3F4B52AA2A6A14CC2C37DF7826227611E2 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
22:20:41.0546 0x0480  TuneUp.Defrag - ok
22:20:41.0655 0x0480  [ EBA3ABFFDADA40A2B590ADEF1A24CA24, 4EB33A975C557DCC9AA818243F332E02A08350C8930D9B1B75B952DEE143D5B0 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
22:20:41.0842 0x0480  TuneUp.UtilitiesSvc - ok
22:20:41.0858 0x0480  [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:20:41.0905 0x0480  TuneUpUtilitiesDrv - ok
22:20:41.0952 0x0480  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:20:42.0030 0x0480  tunnel - ok
22:20:42.0046 0x0480  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:20:42.0108 0x0480  uagp35 - ok
22:20:42.0139 0x0480  [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
22:20:42.0186 0x0480  UASPStor - ok
22:20:42.0233 0x0480  [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
22:20:42.0296 0x0480  UCX01000 - ok
22:20:42.0342 0x0480  [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:20:42.0436 0x0480  udfs - ok
22:20:42.0468 0x0480  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:20:42.0546 0x0480  UI0Detect - ok
22:20:42.0593 0x0480  [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:20:42.0639 0x0480  uliagpkx - ok
22:20:42.0655 0x0480  [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus           C:\Windows\System32\drivers\umbus.sys
22:20:42.0718 0x0480  umbus - ok
22:20:42.0749 0x0480  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass          C:\Windows\System32\drivers\umpass.sys
22:20:42.0796 0x0480  UmPass - ok
22:20:42.0843 0x0480  [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:20:42.0921 0x0480  UmRdpService - ok
22:20:43.0030 0x0480  [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:20:43.0124 0x0480  UNS - ok
22:20:43.0186 0x0480  [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost        C:\Windows\System32\upnphost.dll
22:20:43.0327 0x0480  upnphost - ok
22:20:43.0374 0x0480  [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
22:20:43.0436 0x0480  usbccgp - ok
22:20:43.0452 0x0480  [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir          C:\Windows\System32\drivers\usbcir.sys
22:20:43.0514 0x0480  usbcir - ok
22:20:43.0561 0x0480  [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
22:20:43.0608 0x0480  usbehci - ok
22:20:43.0671 0x0480  [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
22:20:43.0780 0x0480  usbhub - ok
22:20:43.0827 0x0480  [ E5F7328B1D29BCE791862CD3C0DD382A, E520D75CA6E4EDB06F576D97FB6B7CFD46A3EF3A3AC881537DE3BB8C862FE8C3 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
22:20:43.0921 0x0480  USBHUB3 - ok
22:20:43.0952 0x0480  [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci         C:\Windows\System32\drivers\usbohci.sys
22:20:44.0014 0x0480  usbohci - ok
22:20:44.0046 0x0480  [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
22:20:44.0124 0x0480  usbprint - ok
22:20:44.0124 0x0480  [ AD91D1BBE5D3CF4501887DC1C09384FD, ED9E27CD1D52401087427EC20E389FBE2497193483C2E53E8DE5D70DACF5D928 ] usbscan         C:\Windows\System32\drivers\usbscan.sys
22:20:44.0186 0x0480  usbscan - ok
22:20:44.0233 0x0480  [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
22:20:44.0296 0x0480  USBSTOR - ok
22:20:44.0311 0x0480  [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
22:20:44.0374 0x0480  usbuhci - ok
22:20:44.0421 0x0480  [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:20:44.0499 0x0480  usbvideo - ok
22:20:44.0530 0x0480  [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
22:20:44.0608 0x0480  USBXHCI - ok
22:20:44.0639 0x0480  [ 9AD9560606A3049CE492E3A06FB12716, D154976648BC3F6B3E3B8E055ECF18C6BE93359B3F679D9BFC5430E4746CB52E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
22:20:44.0686 0x0480  usb_rndisx - ok
22:20:44.0718 0x0480  [ 9AC0C072FD7EDE138842BEF7DA73B0E6, AD4E053B47111FFDF9CEE8AD183A8833E04879DB78592E59F2AF74545BD59EB7 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
22:20:44.0780 0x0480  UxTuneUp - ok
22:20:44.0796 0x0480  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] VaultSvc        C:\Windows\system32\lsass.exe
22:20:44.0843 0x0480  VaultSvc - ok
22:20:44.0858 0x0480  [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:20:44.0905 0x0480  vdrvroot - ok
22:20:44.0968 0x0480  [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds             C:\Windows\System32\vds.exe
22:20:45.0077 0x0480  vds - ok
22:20:45.0108 0x0480  [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
22:20:45.0171 0x0480  VerifierExt - ok
22:20:45.0218 0x0480  [ 500BE6B2E49883720D0AE8BB859ED7A3, 4606B02A3E8123510676E554635EB5ECF9DC5F2B83928710C8563787C52CC102 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
22:20:45.0311 0x0480  vhdmp - ok
22:20:45.0343 0x0480  [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:20:45.0390 0x0480  viaide - ok
22:20:45.0421 0x0480  [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:20:45.0483 0x0480  vmbus - ok
22:20:45.0499 0x0480  [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
22:20:45.0561 0x0480  VMBusHID - ok
22:20:45.0608 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
22:20:45.0686 0x0480  vmicheartbeat - ok
22:20:45.0718 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:20:45.0780 0x0480  vmickvpexchange - ok
22:20:45.0796 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv         C:\Windows\System32\ICSvc.dll
22:20:45.0858 0x0480  vmicrdv - ok
22:20:45.0890 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown    C:\Windows\System32\ICSvc.dll
22:20:45.0952 0x0480  vmicshutdown - ok
22:20:45.0968 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync    C:\Windows\System32\ICSvc.dll
22:20:46.0030 0x0480  vmictimesync - ok
22:20:46.0061 0x0480  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss         C:\Windows\System32\ICSvc.dll
22:20:46.0124 0x0480  vmicvss - ok
22:20:46.0155 0x0480  [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:20:46.0186 0x0480  volmgr - ok
22:20:46.0218 0x0480  [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:20:46.0296 0x0480  volmgrx - ok
22:20:46.0327 0x0480  [ 78A5BBA3819FFFC62FFEC3E2220D102D, A95797B97D576374C2CDA8A09E6C51A89BADE428AAA89D5093579C85062E5874 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:20:46.0390 0x0480  volsnap - ok
22:20:46.0405 0x0480  [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci            C:\Windows\System32\drivers\vpci.sys
22:20:46.0483 0x0480  vpci - ok
22:20:46.0515 0x0480  [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:20:46.0577 0x0480  vsmraid - ok
22:20:46.0686 0x0480  [ D0C69E44BC1E1D4AD290FD84104623D8, 4C86760EA4BD2A64FFD42D89284EC3E5048CB2F0F6F3B80D017B41C0D2456A90 ] VSS             C:\Windows\system32\vssvc.exe
22:20:46.0858 0x0480  VSS - ok
22:20:46.0905 0x0480  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
22:20:46.0968 0x0480  VSTXRAID - ok
22:20:47.0015 0x0480  [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:20:47.0061 0x0480  vwifibus - ok
22:20:47.0093 0x0480  [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:20:47.0140 0x0480  vwififlt - ok
22:20:47.0155 0x0480  [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:20:47.0202 0x0480  vwifimp - ok
22:20:47.0249 0x0480  [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time         C:\Windows\system32\w32time.dll
22:20:47.0343 0x0480  W32Time - ok
22:20:47.0374 0x0480  [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
22:20:47.0452 0x0480  WacomPen - ok
22:20:47.0483 0x0480  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:20:47.0546 0x0480  Wanarp - ok
22:20:47.0562 0x0480  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:20:47.0593 0x0480  Wanarpv6 - ok
22:20:47.0718 0x0480  [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine        C:\Windows\system32\wbengine.exe
22:20:47.0874 0x0480  wbengine - ok
22:20:47.0921 0x0480  [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:20:47.0999 0x0480  WbioSrvc - ok
22:20:48.0062 0x0480  [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
22:20:48.0108 0x0480  Wcmsvc - ok
22:20:48.0171 0x0480  [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:20:48.0296 0x0480  wcncsvc - ok
22:20:48.0327 0x0480  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:20:48.0390 0x0480  WcsPlugInService - ok
22:20:48.0421 0x0480  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\Windows\system32\drivers\wd.sys
22:20:48.0468 0x0480  Wd - ok
22:20:48.0499 0x0480  [ 3772FF85F0098686B0DCD77076AE0786, 8B0221F6003C53856676FFD9CDCFF43DF29B410AB2F340C10BB858F0E6EC14CE ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
22:20:48.0562 0x0480  WdBoot - ok
22:20:48.0624 0x0480  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:20:48.0733 0x0480  Wdf01000 - ok
22:20:48.0765 0x0480  [ AB6F7DE8BFBF61A42F8764D9A621BD8B, DEFDC9FDC0B234403EE1339105B8D12B486D77B3BA01A703339B5DB8B95FA4D8 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
22:20:48.0858 0x0480  WdFilter - ok
22:20:48.0905 0x0480  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:20:48.0983 0x0480  WdiServiceHost - ok
22:20:48.0983 0x0480  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:20:49.0062 0x0480  WdiSystemHost - ok
22:20:49.0093 0x0480  [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient       C:\Windows\System32\webclnt.dll
22:20:49.0202 0x0480  WebClient - ok
22:20:49.0233 0x0480  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:20:49.0374 0x0480  Wecsvc - ok
22:20:49.0390 0x0480  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:20:49.0515 0x0480  wercplsupport - ok
22:20:49.0562 0x0480  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:20:49.0609 0x0480  WerSvc - ok
22:20:49.0640 0x0480  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
22:20:49.0687 0x0480  WFPLWFS - ok
22:20:49.0734 0x0480  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\Windows\System32\wiarpc.dll
22:20:49.0812 0x0480  WiaRpc - ok
22:20:49.0843 0x0480  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:20:49.0890 0x0480  WIMMount - ok
22:20:49.0921 0x0480  WinDefend - ok
22:20:49.0999 0x0480  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:20:50.0109 0x0480  WinHttpAutoProxySvc - ok
22:20:50.0171 0x0480  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:20:50.0249 0x0480  Winmgmt - ok
22:20:50.0452 0x0480  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:20:50.0796 0x0480  WinRM - ok
22:20:50.0827 0x0480  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
22:20:50.0905 0x0480  WinUsb - ok
22:20:51.0030 0x0480  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\Windows\System32\wlansvc.dll
22:20:51.0202 0x0480  WlanSvc - ok
22:20:51.0343 0x0480  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
22:20:51.0546 0x0480  wlidsvc - ok
22:20:51.0593 0x0480  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
22:20:51.0624 0x0480  WmiAcpi - ok
22:20:51.0671 0x0480  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:20:51.0765 0x0480  wmiApSrv - ok
22:20:51.0796 0x0480  WMPNetworkSvc - ok
22:20:51.0843 0x0480  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
22:20:51.0905 0x0480  wpcfltr - ok
22:20:51.0952 0x0480  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:20:52.0015 0x0480  WPCSvc - ok
22:20:52.0062 0x0480  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:20:52.0124 0x0480  WPDBusEnum - ok
22:20:52.0140 0x0480  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
22:20:52.0218 0x0480  WpdUpFltr - ok
22:20:52.0234 0x0480  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:20:52.0312 0x0480  ws2ifsl - ok
22:20:52.0343 0x0480  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:20:52.0406 0x0480  wscsvc - ok
22:20:52.0421 0x0480  WSearch - ok
22:20:52.0609 0x0480  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\Windows\System32\WSService.dll
22:20:52.0859 0x0480  WSService - ok
22:20:53.0093 0x0480  [ F2463B2E9818D242B4F72B237E9BD545, 3ACD98FB3BD8E12E6A66390CF0ED88050AB90A5B888C1E55914D362E03A1EB93 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:20:53.0390 0x0480  wuauserv - ok
22:20:53.0437 0x0480  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:20:53.0499 0x0480  WudfPf - ok
22:20:53.0531 0x0480  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
22:20:53.0624 0x0480  WUDFRd - ok
22:20:53.0671 0x0480  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:20:53.0749 0x0480  wudfsvc - ok
22:20:53.0765 0x0480  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:53.0827 0x0480  WUDFWpdFs - ok
22:20:53.0843 0x0480  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:53.0906 0x0480  WUDFWpdMtp - ok
22:20:53.0952 0x0480  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:20:54.0062 0x0480  WwanSvc - ok
22:20:54.0077 0x0480  ================ Scan global ===============================
22:20:54.0140 0x0480  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
22:20:54.0187 0x0480  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
22:20:54.0265 0x0480  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
22:20:54.0327 0x0480  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
22:20:54.0359 0x0480  [ Global ] - ok
22:20:54.0359 0x0480  ================ Scan MBR ==================================
22:20:54.0374 0x0480  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:20:54.0452 0x0480  \Device\Harddisk0\DR0 - ok
22:20:54.0452 0x0480  ================ Scan VBR ==================================
22:20:54.0468 0x0480  [ 3F21C2B0DF11EF1B4FFE2485190A194E ] \Device\Harddisk0\DR0\Partition1
22:20:54.0499 0x0480  \Device\Harddisk0\DR0\Partition1 - ok
22:20:54.0515 0x0480  [ F344480E5EA24526200E7E1602077340 ] \Device\Harddisk0\DR0\Partition2
22:20:54.0531 0x0480  \Device\Harddisk0\DR0\Partition2 - ok
22:20:54.0546 0x0480  [ 66FAA80B9274EE79831AFC0B93D4E7DB ] \Device\Harddisk0\DR0\Partition3
22:20:54.0546 0x0480  \Device\Harddisk0\DR0\Partition3 - ok
22:20:54.0562 0x0480  [ 51C8C4AF820FDD6D6A9DC364EC4E6BCF ] \Device\Harddisk0\DR0\Partition4
22:20:54.0578 0x0480  \Device\Harddisk0\DR0\Partition4 - ok
22:20:54.0593 0x0480  [ F11EED538662A443401D6D1CF44970E6 ] \Device\Harddisk0\DR0\Partition5
22:20:54.0624 0x0480  \Device\Harddisk0\DR0\Partition5 - ok
22:20:54.0656 0x0480  [ F34F79BEE88A0E6EA331225D9951F738 ] \Device\Harddisk0\DR0\Partition6
22:20:54.0671 0x0480  \Device\Harddisk0\DR0\Partition6 - ok
22:20:54.0671 0x0480  ================ Scan generic autorun ======================
22:20:54.0718 0x0480  [ 7442B612841A842A9517EBB7F5FA9893, 87BB58112310072B9BC44974AB2373181CED7A6A1D538585D327A6367D612CC0 ] C:\Windows\system32\igfxtray.exe
22:20:54.0765 0x0480  IgfxTray - ok
22:20:54.0812 0x0480  [ 7BCAA84DEB3037859716F2B7BE6EBDBE, 36795AB6DFC983D4104E5B13FEF38400FE5CEE4E2E20C75E4D7456F5E9D3C259 ] C:\Windows\system32\hkcmd.exe
22:20:54.0874 0x0480  HotKeysCmds - ok
22:20:54.0890 0x0480  [ 247C63697DAA7D49AD75F598AC9B4C91, 37548A05E61B8F2596633F1987606A1C140BC6650ABCCD5CB613BE6F4BE70E23 ] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
22:20:54.0921 0x0480  DptfPolicyLpmServiceHelper - ok
22:20:54.0984 0x0480  [ B7BCA8A30CE13A283CDBDECEF5616C39, C734A8C3633653E0C903E7F14F574DEED763613F9E6A5CE7862D547CAE9AEDDB ] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
22:20:55.0281 0x0480  ACMON - ok
22:20:55.0531 0x0480  [ FF3ADE2620DD221C3E011DC614EA71EF, 572A0D40E30A1F8B2121B5B4AE9B46301CEF0E370318EAF1F8FC7916DE7470F2 ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
22:20:56.0124 0x0480  ASUSWebStorage - ok
22:20:56.0234 0x0480  [ 0751C82143C6DFCFE01A2C479DCC461B, 3BADD551BD0FDB9FBCF65BEE77A49881FB0BD0CF06702E1573F8C30702A02913 ] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
22:20:56.0374 0x0480  Sophos AutoUpdate Monitor - ok
22:20:56.0499 0x0480  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:20:56.0624 0x0480  Adobe ARM - ok
22:20:56.0687 0x0480  [ F7AD0BD4A944A97C13B196215981346C, 9CDE2D90E5BD7AF1387F8DBB9463FDE402955581CC0613AF50DFE8AF94D5FA5C ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:20:56.0874 0x0480  SunJavaUpdateSched - ok
22:20:56.0874 0x0480  Waiting for KSN requests completion. In queue: 225
22:20:57.0890 0x0480  Waiting for KSN requests completion. In queue: 225
22:20:58.0906 0x0480  Waiting for KSN requests completion. In queue: 225
22:20:59.0937 0x0480  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
22:20:59.0937 0x0480  AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.0.12.0 ), 0x51000 ( enabled : updated )
22:20:59.0953 0x0480  Win FW state via NFP2: enabled
22:21:02.0375 0x0480  ============================================================
22:21:02.0375 0x0480  Scan finished
22:21:02.0375 0x0480  ============================================================
22:21:02.0390 0x0c48  Detected object count: 0
22:21:02.0390 0x0c48  Actual detected object count: 0
22:21:06.0879 0x1018  Deinitialize success
         
__________________

Alt 08.09.2014, 19:25   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



und was wurde in Quarantäne geschoben?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.09.2014, 20:32   #5
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo Schrauber,

leider löscht bzw. eliminiert mein Sophos direkt alle Trojaner. Es war ein Trojaner mit der ID 2.2, mehr habe ich leider nicht gesehen, weil das immer nur relativ kurz als Information aufpoppt. Die betroffene Datei war im Papierkorb, den Teil vom Pfad habe ich identifiziert.
Gibt es eine Möglichkeit bei Sophos die Informationen über die gelöschten Objekte herauszufinden?


Alt 08.09.2014, 21:57   #6
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Edit: Sophos hat wieder angeschlagen - hier sind die Daten:

Typ: Virus/ Spyware
Name: Troj/DocDI-D
Verzeichnis: C:\$Recycle.Bin\S-1-5-21-242285392-2585440693-653752246-1002$RH4MZA0.doc
Verfügbare Maßnahme: keine Maßnahmen (Bereinigung nicht komplett abgeschlossen, manuelle Maßnahme erforderlich)

Einen Screenshot habe ich angehängt - zur Verdeutlichung.

Was mich beunruhigt: zum einen wird dieses Mal nicht automatisch gelöscht und zum anderen ist mein Abfalleimer ist leer, das habe ich gemacht, sobald ich gemerkt habe, dass ich etwas geöffnet habe, von dem ich besser die Finger hätte lassen sollen
Miniaturansicht angehängter Grafiken
Finanzamt Trojaner rechtzeitig von Sophos geblockt?-trojaner.jpg  

Alt 09.09.2014, 21:33   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.09.2014, 20:08   #8
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo Schrauber,

hier ist der Log:
Code:
ATTFilter
ComboFix 14-09-11.01 - Pippin 10.09.2014  19:54:44.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3982.2489 [GMT 2:00]
ausgeführt von:: c:\users\Pippin\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\Pippin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14843B06-A1FC-4CE1-AEF6-D4DA9C42523B}.xps
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI5A0A.txt
c:\windows\tmp\dd_vcredistUI5A0A.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-7-lockfile
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-10 bis 2014-09-10  ))))))))))))))))))))))))))))))
.
.
2014-09-10 17:59 . 2014-09-10 17:59	--------	d-----w-	c:\users\Pippin\AppData\Local\temp
2014-09-10 17:59 . 2014-09-10 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-10 17:59 . 2014-09-10 17:59	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-09-07 19:49 . 2014-09-07 19:49	--------	d-----w-	c:\programdata\Malwarebytes
2014-09-07 19:49 . 2014-09-07 20:10	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-07 19:49 . 2014-09-07 19:49	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 19:48 . 2014-09-07 19:48	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 17:22 . 2014-09-07 17:26	--------	d-----w-	C:\FRST
2014-08-27 20:46 . 2014-08-23 06:47	4036096	----a-w-	c:\windows\system32\win32k.sys
2014-08-14 20:28 . 2014-08-14 20:28	189128	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-08-13 07:40 . 2014-07-15 22:51	71168	----a-w-	c:\windows\system32\drivers\hdaudbus.sys
2014-08-13 07:36 . 2014-06-10 22:44	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 07:36 . 2014-06-10 22:43	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 07:31 . 2014-05-03 06:34	6974808	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:44 . 2013-02-20 05:10	507	----a-w-	c:\users\Pippin\AppData\Roaming\sp_data.sys
2014-09-09 19:11 . 2012-07-26 08:13	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 18:16 . 2013-10-23 20:12	590536	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-14 18:22 . 2013-02-23 15:19	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-02 00:15 . 2013-02-24 15:00	704480	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15 . 2013-02-24 15:00	105440	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-29 10:00 . 2013-02-21 04:46	36648	----a-w-	c:\windows\system32\SophosBootTasks.exe
2014-06-17 23:27 . 2014-07-30 20:07	1440256	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-30 20:07	1557504	----a-w-	c:\windows\system32\osk.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-07-06 900160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
c:\users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-12-21 06:04	215416	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-29 18:18	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-29 18:18	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-29 18:18	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-24 107192]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-09-10  20:02:43
ComboFix-quarantined-files.txt  2014-09-10 18:02
.
Vor Suchlauf: 15 Verzeichnis(se), 126.904.721.408 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 126.862.594.048 Bytes frei
.
- - End Of File - - A8B2962E9FEF2BB76F9224551DF3362B
         
Es gab keine Probleme beim Scan, es lief alles gut durch.
Allerdings hatte ich danach ein Problem, dass der Computer nicht mehr so ganz ruhig lief - Programme hingen. Neustart war auch nicht ohne Probleme möglich, ich habe nur durch gewaltsames Herunterfahren (langes Drücken der Austaste) wieder etwas machen können. Dann lief aber alles wieder.
Trojaner ist immer noch in der Quarantäne bei Sophos - Maßnahmen wie eliminieren sind leider nicht möglich.

Grüße

Geändert von Pip2 (10.09.2014 um 20:17 Uhr)

Alt 11.09.2014, 12:22   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.09.2014, 19:05   #10
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo Schrauber,

scheinbar finde ich hier jeden Tag etwas neues Beim Schan mit Malware hat mein Sophos übrigens noch Sophos ein Adware/PUA mit dem Namen NirCMD entdeckt. Bei diesem habe ich aber immerhin die Maßnahmen bereinigen/ zulassen zur Verfügung --> Soll ich bereinigen klicken?
Hier sind noch die Logs:

MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.09.2014
Suchlauf-Zeit: 17:58:20
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.11.05
Rootkit Datenbank: v2014.09.10.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Pippin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353246
Verstrichene Zeit: 17 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4819eb013645a78f7b579564f70dc040]

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.OpenCandy, C:\Users\Pippin\Downloads\winamp563_full_emusic-7plus_de-de.exe, In Quarantäne, [6bf63cb03a4184b23000d54a867f0bf5], 
PUP.Optional.Firseria, C:\Users\Pippin\Downloads\Microsoft%20Office%202010.exe, In Quarantäne, [de83a745adce87afb2e20b159b6aa25e], 
PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [352c5894b9c20a2c51e4e871f410dc24], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 18:34:29
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Pippin - PIP
# Gestartet von : C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : DptfParticipantProcessorService
Dienst Gelöscht : DptfPolicyConfigTDPService

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\DptfParticipantProcessorService.exe
Datei Gelöscht : C:\Windows\System32\DptfPolicyConfigTDPService.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6143 octets] - [15/01/2014 23:06:36]
AdwCleaner[R1].txt - [1589 octets] - [11/09/2014 18:33:17]
AdwCleaner[S0].txt - [4007 octets] - [15/01/2014 23:08:22]
AdwCleaner[S1].txt - [1464 octets] - [11/09/2014 18:34:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1524 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Pippin on 11.09.2014 at 18:40:40,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pippin\AppData\Roaming\mozilla\firefox\profiles\63282fnp.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2014 at 18:47:38,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Pippin (administrator) on PIP on 11-09-2014 18:54:51
Running from C:\Users\Pippin\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 18:54 - 2014-09-11 18:54 - 00016327 _____ () C:\Users\Pippin\Desktop\FRST.txt
2014-09-11 18:54 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion
2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt
2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe
2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
2014-09-11 18:30 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe
2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt
2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 17:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 21:18 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:18 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-10 21:18 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:18 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:18 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:18 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 21:18 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 21:18 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 21:18 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-10 21:18 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-10 21:18 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:18 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 21:18 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 21:18 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 21:18 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 21:18 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 21:18 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-10 21:18 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:18 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:18 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 21:17 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 21:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 21:17 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 21:17 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:12 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 21:11 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 21:11 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 21:11 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-10 21:11 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 21:10 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 21:10 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 21:10 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 21:10 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-10 21:10 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-10 21:10 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt
2014-09-10 19:52 - 2014-09-10 20:02 - 00000000 ____D () C:\Qoobox
2014-09-10 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-10 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-10 19:52 - 2009-04-20 06:56 - 00060416 _____ () C:\Windows\NIRCMD.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-10 19:51 - 2014-09-10 20:00 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe
2014-09-10 19:47 - 2014-09-10 19:48 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe
2014-09-07 22:16 - 2014-09-07 22:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe
2014-09-07 21:49 - 2014-09-11 18:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 21:49 - 2014-09-11 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 21:49 - 2014-09-07 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 21:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 21:47 - 2014-09-07 22:09 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar
2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe
2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt
2014-09-07 19:24 - 2014-09-07 19:26 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:23 - 2014-09-07 19:26 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:22 - 2014-09-11 18:55 - 00000000 ____D () C:\FRST
2014-09-07 19:19 - 2014-09-11 18:54 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-04 20:07 - 2014-09-07 20:19 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:27 - 2014-09-08 22:00 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 18:55 - 2014-09-11 18:54 - 00016327 _____ () C:\Users\Pippin\Desktop\FRST.txt
2014-09-11 18:55 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST
2014-09-11 18:54 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion
2014-09-11 18:54 - 2014-09-07 19:19 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe
2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt
2014-09-11 18:47 - 2012-11-02 13:43 - 01251961 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe
2014-09-11 18:37 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2014-09-11 18:37 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2014-09-11 18:36 - 2014-09-07 21:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 18:36 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2014-09-11 18:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 18:35 - 2014-08-10 21:15 - 00005160 _____ () C:\Windows\PFRO.log
2014-09-11 18:34 - 2014-01-15 23:06 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
2014-09-11 18:31 - 2014-09-11 18:30 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe
2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt
2014-09-11 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 21:12 - 2013-02-23 17:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:29 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt
2014-09-10 20:02 - 2014-09-10 19:52 - 00000000 ____D () C:\Qoobox
2014-09-10 20:00 - 2014-09-10 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:59 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe
2014-09-10 19:48 - 2014-09-10 19:47 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe
2014-09-08 22:00 - 2014-09-03 21:27 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-09-07 22:17 - 2014-09-07 22:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe
2014-09-07 22:10 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 22:10 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-07 22:09 - 2014-09-07 21:47 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar
2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe
2014-09-07 20:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-09-07 20:19 - 2014-09-04 20:07 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt
2014-09-07 19:26 - 2014-09-07 19:24 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:26 - 2014-09-07 19:23 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp
2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-02 21:32 - 2013-02-24 17:00 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2013-02-24 17:00 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 13:34 - 2014-09-10 21:10 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-10 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-10 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-10 21:10 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-27 23:00 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat
2014-08-27 23:00 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat
2014-08-27 23:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:49 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-16 11:34 - 2014-09-10 21:18 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 11:34 - 2014-09-10 21:18 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 11:34 - 2014-09-10 21:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 11:34 - 2014-09-10 21:17 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 11:33 - 2014-09-10 21:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 11:33 - 2014-09-10 21:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 11:33 - 2014-09-10 21:17 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 11:32 - 2014-09-10 21:17 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 11:32 - 2014-09-10 21:17 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 09:37 - 2014-09-10 21:18 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 09:37 - 2014-09-10 21:17 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 09:36 - 2014-09-10 21:17 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 09:36 - 2014-09-10 21:17 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 09:35 - 2014-09-10 21:18 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 20:25 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 22:31 - 2013-09-02 19:47 - 00000984 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk
2014-08-12 22:31 - 2013-09-02 19:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-12 22:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_idbli.dll
C:\Users\Pippin\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 20:22

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Grüße

Alt 12.09.2014, 11:56   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.09.2014, 19:01   #12
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Kommt daruaf an, wie man Probleme definiert
ESET hat auf jeden Fall einiges erkannt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1aee84dac8d4274086d5532710456ac4
# engine=20127
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-12 04:35:36
# local_time=2014-09-12 06:35:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10442435 70045847 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 86622 96299290 0 0
# scanned=262565
# found=11
# cleaned=0
# scan_time=7161
sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner" ac=I fn="C:\Users\Pippin\Downloads\img_1559.rar"
sh=702156E8AF7BAFB68B38DC2953EFC7D1680A4573 ft=1 fh=c7fbf9e33d27a5e7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pippin\Downloads\Microsoft Office Compatibility Pack - CHIP-Downloader.exe"
sh=33B24DBD3D844B32B332B6B3D417C7C49BDAD5E0 ft=1 fh=b5ae0809b81d5e59 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pippin\Downloads\Word Viewer - CHIP-Downloader.exe"
sh=44C75F2F955CFE8650932D5D600397C0712CD10A ft=1 fh=1ed1429be76b2d59 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\agsetup183se.exe"
sh=26590FB2BCD90BDE7F3C89B7AE4B684B24F74CD2 ft=1 fh=f46f5e2b9517bece vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\softonic-Deutsch.exe"
sh=E4A78E59F4A86F4BFCE69DE9A846C0ED092D410B ft=1 fh=0c2a662b93c0398c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\SoftonicDownloader_fuer_zonealarm-firewall.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\zaSetup_92_058_000_de.exe"
sh=F05DCC8AB09C37F8C922C709E221A033A2CF00AC ft=1 fh=028e89175da59869 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\Martins Mitbringsel\SoftonicDownloader_fuer_zonealarm-firewall.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\Martins Mitbringsel\zaSetup_92_058_000_de.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\setup.exe-dateien\zaSetup_92_058_000_de.exe"
         
Check-up:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender    
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities    
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities    
 Java 8 Update 5  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
und

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Pippin (administrator) on PIP on 12-09-2014 18:53:42
Running from C:\Users\Pippin\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 18:53 - 2014-09-12 18:53 - 00001198 _____ () C:\Users\Pippin\Desktop\checkup.txt
2014-09-12 18:51 - 2014-09-12 18:51 - 00854417 _____ () C:\Users\Pippin\Desktop\SecurityCheck.exe
2014-09-12 18:47 - 2014-09-12 18:47 - 00002956 _____ () C:\Users\Pippin\Desktop\ESET.txt
2014-09-12 16:25 - 2014-09-12 16:25 - 02347384 _____ (ESET) C:\Users\Pippin\Desktop\esetsmartinstaller_deu.exe
2014-09-12 16:16 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-11 18:54 - 2014-09-12 18:53 - 00016601 _____ () C:\Users\Pippin\Desktop\FRST.txt
2014-09-11 18:54 - 2014-09-12 18:53 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion
2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt
2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe
2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
2014-09-11 18:30 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe
2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt
2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 17:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 21:18 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:18 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-10 21:18 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:18 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:18 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:18 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:18 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 21:18 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 21:18 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 21:18 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 21:18 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-10 21:18 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-10 21:18 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:18 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 21:18 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 21:18 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 21:18 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 21:18 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 21:18 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-10 21:18 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:18 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:18 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 21:17 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 21:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 21:17 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 21:17 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:12 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 21:11 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 21:11 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 21:11 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-10 21:11 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 21:10 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 21:10 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 21:10 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 21:10 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 21:10 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 21:10 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-10 21:10 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-10 21:10 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt
2014-09-10 19:52 - 2014-09-10 20:02 - 00000000 ____D () C:\Qoobox
2014-09-10 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-10 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-10 19:52 - 2009-04-20 06:56 - 00060416 _____ () C:\Windows\NIRCMD.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-10 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-10 19:51 - 2014-09-10 20:00 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe
2014-09-10 19:47 - 2014-09-10 19:48 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe
2014-09-07 22:16 - 2014-09-07 22:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe
2014-09-07 21:49 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 21:49 - 2014-09-11 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 21:49 - 2014-09-07 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 21:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 21:47 - 2014-09-07 22:09 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar
2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe
2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt
2014-09-07 19:24 - 2014-09-07 19:26 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:23 - 2014-09-07 19:26 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:22 - 2014-09-12 18:53 - 00000000 ____D () C:\FRST
2014-09-07 19:19 - 2014-09-11 18:54 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-03 21:27 - 2014-09-08 22:00 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 18:54 - 2014-09-11 18:54 - 00016601 _____ () C:\Users\Pippin\Desktop\FRST.txt
2014-09-12 18:53 - 2014-09-12 18:53 - 00001198 _____ () C:\Users\Pippin\Desktop\checkup.txt
2014-09-12 18:53 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion
2014-09-12 18:53 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST
2014-09-12 18:51 - 2014-09-12 18:51 - 00854417 _____ () C:\Users\Pippin\Desktop\SecurityCheck.exe
2014-09-12 18:47 - 2014-09-12 18:47 - 00002956 _____ () C:\Users\Pippin\Desktop\ESET.txt
2014-09-12 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-12 16:36 - 2012-11-02 13:43 - 01272839 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 16:35 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 16:35 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 16:35 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 16:25 - 2014-09-12 16:25 - 02347384 _____ (ESET) C:\Users\Pippin\Desktop\esetsmartinstaller_deu.exe
2014-09-12 16:17 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2014-09-12 16:17 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2014-09-12 16:16 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-12 16:16 - 2014-09-07 21:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 16:16 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2014-09-11 18:54 - 2014-09-07 19:19 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe
2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt
2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe
2014-09-11 18:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 18:35 - 2014-08-10 21:15 - 00005160 _____ () C:\Windows\PFRO.log
2014-09-11 18:34 - 2014-01-15 23:06 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
2014-09-11 18:31 - 2014-09-11 18:30 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe
2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt
2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 17:55 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 21:23 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-10 21:17 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:12 - 2013-02-23 17:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:29 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt
2014-09-10 20:02 - 2014-09-10 19:52 - 00000000 ____D () C:\Qoobox
2014-09-10 20:00 - 2014-09-10 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:59 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe
2014-09-10 19:48 - 2014-09-10 19:47 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe
2014-09-08 22:00 - 2014-09-03 21:27 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-09-07 22:17 - 2014-09-07 22:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe
2014-09-07 22:10 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 22:10 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-07 22:09 - 2014-09-07 21:47 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar
2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe
2014-09-07 20:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt
2014-09-07 19:26 - 2014-09-07 19:24 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:26 - 2014-09-07 19:23 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp
2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-02 21:32 - 2013-02-24 17:00 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2013-02-24 17:00 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 13:34 - 2014-09-10 21:10 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-10 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-10 21:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-10 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-10 21:10 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-10 21:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-16 11:34 - 2014-09-10 21:18 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 11:34 - 2014-09-10 21:18 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 11:34 - 2014-09-10 21:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 11:34 - 2014-09-10 21:17 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 11:33 - 2014-09-10 21:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 11:33 - 2014-09-10 21:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 11:33 - 2014-09-10 21:17 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 11:32 - 2014-09-10 21:18 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 11:32 - 2014-09-10 21:17 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 11:32 - 2014-09-10 21:17 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 09:37 - 2014-09-10 21:18 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 09:37 - 2014-09-10 21:17 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 09:36 - 2014-09-10 21:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 09:36 - 2014-09-10 21:17 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 09:36 - 2014-09-10 21:17 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 09:35 - 2014-09-10 21:18 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpigipnj.dll
C:\Users\Pippin\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 20:22

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Und bei meinem Sophos ist immer noch der Trojaner vom leeren Papierkorb und der Adware/ PUA in der Quarantäe - zweiteren kann ich bereinigen lassen, wenn ich es will.

Aber Probleme habe ich nicht, nur Herausforderungen, die ich dummerweise auch noch selber eingebrockt habe

Alt 13.09.2014, 16:19   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



In QUarantäne ist doch schön, dafür is sie ja da. Leere den Downloadordner, siehe ESET Log.

und hör auf bei Chip oder Softonic zu laden.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.09.2014, 20:11   #14
Pip2
 
Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Hallo Schrauber,

vielen Dank für die Hilfe und die Tipps

Aber eine Frage habe ich noch: eigentlich dachte ich immer Chip sei ein sicherer Download-Ort - deshalb habe ich dort auch immer sehr viele Sachen geholt Wenn das nicht der Fall ist: wo sollte man denn dann laden?

Danke noch einmal und Grüße

Alt 14.09.2014, 13:31   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Standard

Finanzamt Trojaner rechtzeitig von Sophos geblockt?



Du musst bei Chip aufpassen ohne Ende seit die den Drecks Downloadmanager eingeführt haben.

Filepony.de ist unsere Seite, wenn Dir dort ein Download fehlt einfach Bescheid geben

http://www.trojaner-board.de/157635-...s-richtig.html
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Finanzamt Trojaner rechtzeitig von Sophos geblockt?
fehlercode 0x5, nodrives, pup.optional.firseria, pup.optional.opencandy, pup.optional.qone8, pup.optional.sweetpage.a, sweet-page, sweet-page entfernen, sweetpage, sweetpage entfernen, win32/adware.adon, win32/downloadsponsor.a, win32/softonicdownloader.a, win32/toolbar.conduit.ai, win32/toolbar.conduit.b, win64/systweak.a



Ähnliche Themen: Finanzamt Trojaner rechtzeitig von Sophos geblockt?


  1. Dank Schrauber rechtzeitig zum Zockerfreitag wieder sauber !
    Lob, Kritik und Wünsche - 24.07.2015 (2)
  2. Windows 7, Trojaner von Avira geblockt + entfernt, Malwarebytes möglicher Fund aber von Avira geblockt
    Log-Analyse und Auswertung - 13.05.2015 (13)
  3. Win 7 : IPA Trojaner - Firefox geblockt
    Log-Analyse und Auswertung - 06.01.2015 (11)
  4. Avira durch Gruppenrichtlinie geblockt - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (17)
  5. Trojaner TR/Symmi, Virus geblockt
    Plagegeister aller Art und deren Bekämpfung - 18.05.2014 (9)
  6. Heartbleed: Datendiebstahl beim kanadischen Finanzamt
    Nachrichten - 14.04.2014 (0)
  7. Pop-ups und Werbung,Trojaner-Board wird geblockt
    Log-Analyse und Auswertung - 05.10.2013 (9)
  8. PC heute mit Trojaner infiziert PC geblockt
    Log-Analyse und Auswertung - 02.08.2013 (25)
  9. Elster Rechnung - Ihr Finanzamt
    Diskussionsforum - 30.01.2013 (9)
  10. Vorsicht E-Post: 2011/12 ELSTER Finanzamt 2012
    Nachrichten - 09.02.2012 (0)
  11. Gefährliche Webseite geblockt.. Trojaner Downloader?
    Plagegeister aller Art und deren Bekämpfung - 14.01.2012 (7)
  12. BKA TROJANER-Notebook/WINDOWS geblockt
    Log-Analyse und Auswertung - 27.12.2011 (3)
  13. Sophos Scan hat Trojaner und Maleware gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.12.2011 (35)
  14. H:\autorun.inf wird geblockt auf Memorystick - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (2)
  15. [Problem] Trojaner: SB S&D/Adaware etc. geblockt
    Plagegeister aller Art und deren Bekämpfung - 13.04.2007 (4)
  16. Gefahr von Websites rechtzeitig erkennen
    Plagegeister aller Art und deren Bekämpfung - 21.08.2005 (2)

Zum Thema Finanzamt Trojaner rechtzeitig von Sophos geblockt? - Hallo Trojaner-Experten, ich habe die sogenannte Finanzamt-E-Mail bekommen. Dort war die zip-Datei mit angehängt, die ich entpackt habe und (versucht) habe zu öffnen. Versucht deshalb, weil ich kein Word habe, - Finanzamt Trojaner rechtzeitig von Sophos geblockt?...
Archiv
Du betrachtest: Finanzamt Trojaner rechtzeitig von Sophos geblockt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.