Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Thunderbird Trojaner Fund

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.12.2014, 23:40   #1
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Hallo liebes T-B,
habe heute einen Scan mit Emsisoft gemacht un der hat folgendes gefunden
Code:
ATTFilter
Emsisoft Internet Security - Version 9.0
Letztes Update: 03/12/2014 19:32:50
Benutzerkonto: 

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, P:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	03/12/2014 19:33:38
C:\Users\...\AppData\Local\Thunderbird\Profiles\2jjrmp7v.default\Cache\9\BB\F4EBDd01 -> [Subject: Rechnung 25.11.2014 Nr. 3735808][Date: Tue, 25 Nov 2014 13:29:11 +0100] -> (MIME part) -> Rechnung_9085669632.zip -> rechnung_november_2014_0003900028_2014_11_0029302375471_03_444_0039938289.exe 	gefunden: Trojan.GenericKD.1992899 (B)

Gescannt	488325
Gefunden	1

Scan Ende:	03/12/2014 21:58:15
Scan Zeit:	2:24:37
         
was hat es damit aufsich und wieso is von Thunderbird was auf der Platte ich nutze extra IMAP?
Kann man bei Thunerbird Einstellunge treffen um so etwas zu vermeiden?
Vielen Dank

Habe gerade nochmal frische Logs gemacht, weil ich heute Abend 2 mal nen Bluescreen hatte

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by nobody (administrator) on nobody-PC on 03-12-2014 23:32:12
Running from C:\Users\nobody\Downloads
Loaded Profile: nobody (Available profiles: nobody & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4954576 2014-12-02] (Emsisoft GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\MountPoints2: {af3d3d76-c40b-11e1-a69c-6c626d71b5ac} - K:\setup.exe -a
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
IFEO\taskmgr.exe: [Debugger] "C:\USERS\nobody\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4215263498-307554076-952119999-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-4215263498-307554076-952119999-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKU\S-1-5-21-4215263498-307554076-952119999-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4215263498-307554076-952119999-1000 -> {D4B784BE-9D95-493C-9913-1CBFF80823C3} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=048098F7-35A8-4F01-AB9A-F8571793D74C&apn_sauid=DA1A58EF-DF01-4BE1-9D62-CFCB57AEADB1&
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334
FF Homepage: https://www.ixquick.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-4215263498-307554076-952119999-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\user.js
FF Extension: Bloody Vikings! - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\bloodyvikings@ffs.bplaced.net.xpi [2014-08-12]
FF Extension: CanvasBlocker - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\CanvasBlocker@kkapsner.de.xpi [2014-12-01]
FF Extension: Ghostery - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\firefox@ghostery.com.xpi [2014-07-17]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-07-17]
FF Extension: Flagfox - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-17]
FF Extension: NoScript - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-17]
FF Extension: Adblock Plus - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-17]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-11-11]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw

Chrome: 
=======
CHR Profile: C:\Users\nobody\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-25] (EasyAntiCheat Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998176 2014-08-28] (Overwolf LTD)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-04] (DT Soft Ltd)
R1 EfwTdiFlt; C:\Program Files (x86)\Emsisoft Internet Security\fwtdi64.sys [705360 2014-12-02] ()
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [484952 2014-12-02] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414424 2014-12-02] ()
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-04-09] (Razer Inc)
S3 SKYNETU2C; C:\Windows\System32\DRIVERS\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pmem; \??\C:\Users\nobody\AppData\Local\Temp\_MEI59442\drivers\winpmem64.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 23:32 - 2014-12-03 23:32 - 00021556 _____ () C:\Users\nobody\Downloads\FRST.txt
2014-12-03 23:31 - 2014-12-03 23:31 - 02117632 _____ (Farbar) C:\Users\nobody\Downloads\FRST64.exe
2014-12-03 23:27 - 2014-12-03 23:27 - 00015362 _____ () C:\Users\nobody\Documents\cc_20141203_232727.reg
2014-11-25 19:27 - 2014-11-25 19:27 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\.mono
2014-11-25 19:24 - 2014-11-25 19:21 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-11-25 16:19 - 2014-12-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-18 21:47 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:47 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:47 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:47 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-11 19:13 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:13 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:13 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:13 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:13 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:13 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:13 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:13 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:13 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:12 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:12 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:12 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:12 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:12 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:12 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:12 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:12 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:12 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:12 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:12 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:12 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:12 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:12 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:12 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:12 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:12 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:12 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:12 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:12 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:12 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:12 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:12 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:12 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:12 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:12 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:12 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:12 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:12 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:12 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:12 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:12 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:12 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:12 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:12 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:12 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:12 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:12 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:12 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:12 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:12 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:12 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:12 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:12 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:12 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:12 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:12 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:12 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:12 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:12 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:12 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:12 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:12 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:12 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:12 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:12 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:12 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:12 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:12 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:12 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:11 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:11 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:11 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:11 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:11 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:11 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:05 - 2014-11-11 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 13:54 - 2014-11-08 19:25 - 00000000 ____D () C:\Users\nobody\Downloads\VA-Reggae_Charts_Top_25_vom_06-11-2014-NoGroup
2014-11-09 13:53 - 2014-11-08 19:07 - 00000000 ____D () C:\Users\nobody\Downloads\Party_Schlager_Charts_Top_60-(KW-45-2014)-2014-NoGroup
2014-11-09 13:53 - 2014-11-07 19:41 - 00000000 ____D () C:\Users\nobody\Downloads\German_TOP50_ODC_10_11_2014-MCG
2014-11-08 18:40 - 2014-11-07 22:08 - 718073627 _____ () C:\Users\nobody\Downloads\pl-dracula.webrip.mkv
2014-11-05 16:28 - 2014-11-05 16:28 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201411051628018377.log
2014-11-05 16:28 - 2014-11-05 16:28 - 00000000 ____D () C:\ProgramData\ATI
2014-11-05 16:28 - 2014-11-05 16:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-05 16:27 - 2014-11-05 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-04 01:08 - 2014-11-04 01:08 - 00001402 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-11-04 01:08 - 2014-11-04 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-04 01:08 - 2014-11-04 01:08 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-04 01:07 - 2014-11-04 01:08 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\DVDVideoSoft
2014-11-04 00:37 - 2014-11-04 00:37 - 30182568 _____ (DVDVideoSoft Ltd. ) C:\Users\nobody\Downloads\FreeVideoEditor.exe
2014-11-03 22:08 - 2014-11-03 22:08 - 00001613 _____ () C:\Users\nobody\Desktop\Play League of Legends.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 23:32 - 2014-07-23 10:53 - 00000000 ____D () C:\FRST
2014-12-03 23:31 - 2014-09-08 17:20 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2014-12-03 23:21 - 2012-06-15 14:25 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\Skype
2014-12-03 23:21 - 2012-06-15 11:15 - 01267974 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 23:11 - 2009-07-14 05:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 23:11 - 2009-07-14 05:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 23:10 - 2012-09-03 12:31 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\TS3Client
2014-12-03 23:10 - 2012-06-15 15:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-03 23:09 - 2012-06-16 16:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 23:07 - 2013-07-21 15:20 - 00165003 _____ () C:\Users\nobody\Network_Meter_Data.js
2014-12-03 23:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 22:33 - 2013-07-21 22:06 - 00000028 _____ () C:\Users\nobody\AppData\Roaming\Network Meter_Usage.ini
2014-12-03 02:10 - 2014-08-16 00:19 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\OBS
2014-12-03 00:24 - 2014-08-19 18:23 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\foobar2000
2014-12-02 19:34 - 2014-09-08 17:20 - 00484952 _____ () C:\Windows\system32\Drivers\fwndis64.sys
2014-12-01 23:22 - 2013-06-06 11:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 18:07 - 2013-06-06 11:55 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-01 18:06 - 2012-06-15 13:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 18:06 - 2011-11-17 22:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 00:36 - 2014-06-26 22:53 - 00000600 _____ () C:\Users\nobody\AppData\Local\PUTTY.RND
2014-11-24 13:59 - 2014-08-16 00:19 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-11-15 21:19 - 2011-03-11 10:20 - 00689118 _____ () C:\Windows\system32\perfh007.dat
2014-11-15 21:19 - 2011-03-11 10:20 - 00146450 _____ () C:\Windows\system32\perfc007.dat
2014-11-15 21:19 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 20:27 - 2012-06-15 11:17 - 00000000 ____D () C:\Users\nobody
2014-11-15 15:33 - 2014-10-22 16:26 - 00002244 ____H () C:\Users\nobody\Documents\Default.rdp
2014-11-14 19:46 - 2014-01-09 16:31 - 00000000 ____D () C:\Users\nobody\AppData\Local\Downloaded Installations
2014-11-14 19:16 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-11-13 19:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 18:50 - 2013-10-07 22:12 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\vlc
2014-11-12 14:45 - 2013-11-19 14:26 - 00000000 ____D () C:\Users\nobody\AppData\Local\CyberGhost
2014-11-12 14:44 - 2013-11-19 14:25 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-11 21:12 - 2012-06-15 11:18 - 00167360 _____ () C:\Users\nobody\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-11 21:10 - 2009-07-14 05:45 - 00547424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 20:48 - 2013-07-16 17:40 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-11 20:20 - 2012-06-15 12:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 20:16 - 2013-07-29 23:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 20:14 - 2011-03-14 15:08 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 15:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-05 16:28 - 2014-09-28 22:31 - 00000000 ____D () C:\ProgramData\AMD
2014-11-05 16:25 - 2011-11-17 20:56 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-05 16:24 - 2011-11-17 20:56 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-05 16:16 - 2014-01-05 22:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 16:14 - 2014-09-28 22:25 - 00000000 ____D () C:\AMD
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 11:04 - 2014-10-23 00:28 - 00000000 ____D () C:\Users\nobody\AppData\Local\Battle.net

Files to move or delete:
====================
C:\Users\nobody\Network_Meter_Data.js
C:\Users\nobody\ProcExp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 18:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by nobody at 2014-12-03 23:32:51
Running from C:\Users\nobody\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Internet Security (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Internet Security (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Emsisoft Internet Security (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{047904BA-C065-40D5-969A-C7D91CA93D62}) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audials (HKLM-x32\...\{9116E9E6-E1F9-4835-95B8-31E7F158E9F7}) (Version: 10.0.50301.100 - Audials AG)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Video Editor version 1.4.7.1022 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.7.1022 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Gothic 3 Enhanced Edition (HKLM-x32\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Götterdämmerung Enhanced Edition (HKLM-x32\...\{6890095D-D7FE-465A-9B1D-BE605B1F5FD9}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Modkit v1.75.12 (HKLM-x32\...\{420DA6C7-EE34-4468-AE16-87205B7D24EF}_is1) (Version: v1.75.12 - Nordic Games GmbH)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\MyFreeCodec) (Version:  - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.79.21.0 - Overwolf Ltd.)
Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.1 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{F6EBBA16-FD92-4B34-9703-2B326FF7F364}) (Version: 21.01.8499 - Buhl Data Service GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nobody\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{4ED64402-CABA-4CD3-943E-B43E0F006016}\InprocServer32 -> C:\Users\nobody\AppData\Local\Microsoft\Windows Sidebar\Gadgets\coremeter_v1.5.0.gadget\cm64.dll (-)
CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{6538FE62-139F-4136-AEA4-621D4883EB02}\InprocServer32 -> C:\Users\nobody\AppData\Local\Microsoft\Windows Sidebar\Gadgets\coremeter_v1.5.0.gadget\CM64.dll (-)
CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{80757306-5146-11D5-A672-00B0D022E945}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4215263498-307554076-952119999-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-11-2014 22:23:51 Windows Update
25-11-2014 12:01:19 Windows Update
28-11-2014 13:32:07 Windows Update
02-12-2014 18:41:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-07-22 19:25 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09BF38C9-B255-49AE-947D-DE59929E822C} - System32\Tasks\{D00C8BBD-19FF-46D4-A82C-008E60B7377D} => C:\Users\nobody\Downloads\LeagueofLegends_EUW_Installer_06_12_13(1).exe
Task: {17FB9653-33CF-47BB-B91F-FB8B3675C4B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-01] (Adobe Systems Incorporated)
Task: {1BB2FBCF-B707-4F50-A4A3-70531EB45479} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {1E707367-C8D6-4526-B88F-70BE58E2596C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F67F263-0640-4C30-82C8-7F77EA99F2DD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {4B33C136-5566-4D3D-BE14-692242C7CABC} - System32\Tasks\{2DD88588-C1C3-49BE-A5CD-7606CE1DFAE4} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4B3FC5C6-2BE1-4611-89B2-CD9EC6E26096} - System32\Tasks\{EFEE90A8-E1A4-4EB5-84D3-51AAAA27A5C7} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5097A33A-BAFC-4A0C-830B-EE3635307363} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6665D69B-4CA4-4396-A198-30B87ED3FD75} - System32\Tasks\{59005705-FE92-4EC3-AFCE-35B55AD3A113} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {70D83F4A-CC88-42BF-8B44-7E22E3D840F6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7D762521-8CC8-4F89-B531-BA88D1918F96} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B01794BC-B124-42C2-88EB-B3E19C4EA1C6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E1C3524D-B7F0-45CC-B21C-AF38E4AD3FA4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6F4C1A6-4F80-42B6-A8FB-12DD3D0C8A34} - System32\Tasks\{E42950E2-80F7-4C6A-9B9B-33BFC6CB88CC} => Firefox.exe http://ui.skype.com/ui/0/6.18.59.106/de/go/help.faq.installer?LastError=1625
Task: {E81940D7-E92F-447F-B254-D27DDBF6F930} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {FD55260E-7F5D-45DC-B36A-04D9FE94B299} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-08-28] (Overwolf LTD)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-14 20:07 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-23 06:11 - 2013-10-23 06:11 - 00122232 _____ () C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll
2013-07-16 17:41 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-10-17 15:44 - 2014-10-17 15:44 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-11-17 18:56 - 2011-05-20 19:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-11-11 19:05 - 2014-11-11 19:05 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\nobody\Downloads\putty.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: MedionReminder => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey

========================= Accounts: ==========================

Administrator (S-1-5-21-4215263498-307554076-952119999-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-4215263498-307554076-952119999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4215263498-307554076-952119999-1006 - Limited - Enabled)
nobody (S-1-5-21-4215263498-307554076-952119999-1000 - Administrator - Enabled) => C:\Users\nobody

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2014 00:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0xf8c
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C32A) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. 
hr=0xC004C32A

Error: (11/25/2014 05:28:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2start.exe, Version: 9.0.0.4570, Zeitstempel: 0x543c0095
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037017
ID des fehlerhaften Prozesses: 0x10a8
Startzeit der fehlerhaften Anwendung: 0xa2start.exe0
Pfad der fehlerhaften Anwendung: a2start.exe1
Pfad des fehlerhaften Moduls: a2start.exe2
Berichtskennung: a2start.exe3

Error: (11/24/2014 03:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x153c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/24/2014 03:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a37
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x74cf4f11
ID des fehlerhaften Prozesses: 0x14b0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/22/2014 01:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x111c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (11/21/2014 01:26:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/21/2014 01:25:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/18/2014 11:15:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


System errors:
=============
Error: (12/03/2014 11:27:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/03/2014 11:17:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/03/2014 11:08:24 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht gestartet werden, da eine Gruppenrichtlinie Windows Media Player davon abhält, Mediendateien mit anderen Geräten gemeinsam zu nutzen.

Error: (12/03/2014 11:07:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/03/2014 11:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/03/2014 11:06:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht.

Error: (12/03/2014 11:05:37 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{d03a143c-b71c-11e1-8b78-806e6f6e6963}" können nicht gelesen werden.

Error: (12/03/2014 11:05:22 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff800032d6c3f)C:\Windows\MEMORY.DMP120314-22885-01

Error: (12/03/2014 11:05:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎12.‎2014 um 23:03:10 unerwartet heruntergefahren.

Error: (12/03/2014 11:03:03 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{d03a143c-b71c-11e1-8b78-806e6f6e6963}" können nicht gelesen werden.


Microsoft Office Sessions:
=========================
Error: (12/02/2014 00:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76f8c01d00db7c6c3a69aC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.119\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.119\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll43e85891-79b3-11e4-a1cc-eeb433feb861

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: hr=0xC004C32A66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C32A00010001(0x00000000, 20:18:25:213 - http://go.microsoft.com/fwlink/?LinkId=151642)
00020001(0x00000000, 20:18:25:213)
00030001(0x00000000, 20:18:25:213 - http://go.microsoft.com)
00030002(0x00000000, 20:18:25:213 - 1)
00020005(0x00000000, 20:18:25:213 - 0)
0002000C(0x00000000, 20:18:25:373 - 302)
0002000E(0x00000000, 20:18:25:373 - https://validation.sls.microsoft.com/SLWGA/slwga.asmx)
00020001(0x00000000, 20:18:25:373)
00030001(0x00000000, 20:18:25:373 - https://validation.sls.microsoft.com)
00030002(0x00000000, 20:18:25:373 - 1)
00020005(0x00000000, 20:18:25:373 - 0)
0002000C(0x00000000, 20:18:25:753 - 500)
00010002(0x8004FC01, 20:18:25:753 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C32A</HRESULT><Messages><Message>553 (Validation) - [VGA: Required parameter not found in offline XML blob.  ---&gt; Parameter not found in offline XML blob - [Win7BootSectorMustExist]]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:18:25:753)

Error: (11/25/2014 05:28:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: a2start.exe9.0.0.4570543c0095KERNELBASE.dll6.1.7601.1840953159a86c00000050003701710a801d008c1db4a4960C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exeC:\Windows\syswow64\KERNELBASE.dll091030fd-74c0-11e4-b19e-87e3ea20ac6f

Error: (11/24/2014 03:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425153c01d007f05cd3d441C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc3197b00-73e5-11e4-babf-d085a9d8476e

Error: (11/24/2014 03:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe33.1.0.5423545c0a37unknown0.0.0.000000000c000041d74cf4f1114b001d007f055636082C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownc07d2503-73e5-11e4-babf-d085a9d8476e

Error: (11/22/2014 01:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4111c01d00650181b4e1aC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll5b96ba22-7243-11e4-b767-92236b79a47f

Error: (11/21/2014 01:26:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\nobody\AppData\Local\Temp\_MEI59442\detekt.exe.manifest

Error: (11/21/2014 01:25:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\nobody\AppData\Local\Temp\_MEI34882\detekt.exe.manifest

Error: (11/18/2014 11:15:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2014-03-24 23:51:56.489
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:51:56.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:51:56.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.979
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.807
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.620
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.386
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.214
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.043
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:19:28.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 37%
Total physical RAM: 6135.11 MB
Available physical RAM: 3807.05 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 9200.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:286.75 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.01 GB) NTFS
Drive f: (Festplatte) (Fixed) (Total:465.76 GB) (Free:175.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F38EF38E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________
MfG
BeRealm

Alt 04.12.2014, 07:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



hi,

Thunderbird war auch nie installiert? Sicher? IMAP ist eine Art des Empfangs, kein Email.-Tool.


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 04.12.2014, 16:03   #3
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Danke für die Antwort. Tut mir leid ich habe mich etwas ungeschickt ausgedrückt. Thunderbird soll schon drauf sein. Es sollen nur keine E-mail Anhänge oder sonstiges auf meinem PC geladen werden. Deswegen dachte ich das bei IMAP alles am jeweiligen Server bleibt und nicht auf der Platte landet. Mich hat es eben sehr verwundert wieso ein Trojaner Fund in einem Thunderbird Ordner gefunden wurde

Hier das Log von TDSSKiller:
Code:
ATTFilter
15:55:35.0669 0x0c74  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:55:40.0760 0x0c74  ============================================================
15:55:40.0760 0x0c74  Current date / time: 2014/12/04 15:55:40.0760
15:55:40.0760 0x0c74  SystemInfo:
15:55:40.0760 0x0c74  
15:55:40.0760 0x0c74  OS Version: 6.1.7601 ServicePack: 1.0
15:55:40.0760 0x0c74  Product type: Workstation
15:55:40.0760 0x0c74  ComputerName: nobody-PC
15:55:40.0761 0x0c74  UserName: nobody
15:55:40.0761 0x0c74  Windows directory: C:\Windows
15:55:40.0761 0x0c74  System windows directory: C:\Windows
15:55:40.0761 0x0c74  Running under WOW64
15:55:40.0761 0x0c74  Processor architecture: Intel x64
15:55:40.0761 0x0c74  Number of processors: 8
15:55:40.0761 0x0c74  Page size: 0x1000
15:55:40.0761 0x0c74  Boot type: Normal boot
15:55:40.0761 0x0c74  ============================================================
15:55:45.0865 0x0c74  KLMD registered as C:\Windows\system32\drivers\76539183.sys
15:55:46.0166 0x0c74  System UUID: {8D6D8F82-DF3C-4B01-300F-002311C17320}
15:55:46.0575 0x0c74  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:46.0608 0x0c74  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:46.0617 0x0c74  ============================================================
15:55:46.0617 0x0c74  \Device\Harddisk0\DR0:
15:55:46.0618 0x0c74  MBR partitions:
15:55:46.0618 0x0c74  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:46.0618 0x0c74  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
15:55:46.0618 0x0c74  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
15:55:46.0618 0x0c74  \Device\Harddisk1\DR1:
15:55:46.0618 0x0c74  MBR partitions:
15:55:46.0618 0x0c74  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
15:55:46.0618 0x0c74  ============================================================
15:55:46.0676 0x0c74  C: <-> \Device\Harddisk0\DR0\Partition2
15:55:46.0721 0x0c74  D: <-> \Device\Harddisk0\DR0\Partition3
15:55:46.0750 0x0c74  F: <-> \Device\Harddisk1\DR1\Partition1
15:55:46.0750 0x0c74  ============================================================
15:55:46.0750 0x0c74  Initialize success
15:55:46.0750 0x0c74  ============================================================
15:55:55.0154 0x16a8  ============================================================
15:55:55.0154 0x16a8  Scan started
15:55:55.0154 0x16a8  Mode: Manual; 
15:55:55.0154 0x16a8  ============================================================
15:55:55.0154 0x16a8  KSN ping started
15:55:57.0911 0x16a8  KSN ping finished: true
15:55:58.0963 0x16a8  ================ Scan system memory ========================
15:55:58.0963 0x16a8  System memory - ok
15:55:58.0963 0x16a8  ================ Scan services =============================
15:55:59.0164 0x16a8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:55:59.0168 0x16a8  1394ohci - ok
15:55:59.0226 0x16a8  [ 73C035299E3044636104CA7A7634A6AC, ED1D4904E2D1D1C72ED9697297AE1B64860098BA2F6F63F7A1426413007DF138 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys
15:55:59.0228 0x16a8  a2acc - ok
15:55:59.0384 0x16a8  [ 1DF600AAA554D358108FF241A667112B, 9CD99BB0A22570B4AE62A0F66122457E57E10965552A8C6FD9C6E4090DAF150E ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
15:55:59.0460 0x16a8  a2AntiMalware - ok
15:55:59.0496 0x16a8  [ D27A8B7BB0E15DFBFC6B4E774EE17AD9, CBAD45B3FFFD30C34AF918009F699B65F89043D0799FC25D2472381912F86F93 ] A2DDA           C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys
15:55:59.0497 0x16a8  A2DDA - ok
15:55:59.0523 0x16a8  [ 05936579605018BD2BC528FF2C1AD95F, 763C2E76F9078F6A74D5BCCB4DD8A10C82AEB9C9F5A45C3706A587FA2D03E7D3 ] a2injectiondriver C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys
15:55:59.0524 0x16a8  a2injectiondriver - ok
15:55:59.0533 0x16a8  [ B1AB7116D14667A2238DAEFE20B7F4D0, DC8A9093A6F759657C3354931A462FCCAF3533A907FB7152380EB2E9B4AD3BF8 ] a2util          C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys
15:55:59.0534 0x16a8  a2util - ok
15:55:59.0566 0x16a8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:55:59.0573 0x16a8  ACPI - ok
15:55:59.0585 0x16a8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:55:59.0586 0x16a8  AcpiPmi - ok
15:55:59.0736 0x16a8  [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:55:59.0742 0x16a8  AdobeFlashPlayerUpdateSvc - ok
15:55:59.0765 0x16a8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:55:59.0776 0x16a8  adp94xx - ok
15:55:59.0796 0x16a8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:55:59.0803 0x16a8  adpahci - ok
15:55:59.0829 0x16a8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:55:59.0833 0x16a8  adpu320 - ok
15:55:59.0856 0x16a8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:55:59.0858 0x16a8  AeLookupSvc - ok
15:55:59.0886 0x16a8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:55:59.0896 0x16a8  AFD - ok
15:55:59.0915 0x16a8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:55:59.0917 0x16a8  agp440 - ok
15:55:59.0927 0x16a8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:55:59.0929 0x16a8  ALG - ok
15:55:59.0945 0x16a8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:55:59.0946 0x16a8  aliide - ok
15:55:59.0987 0x16a8  [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:55:59.0992 0x16a8  AMD External Events Utility - ok
15:56:00.0002 0x16a8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:56:00.0003 0x16a8  amdide - ok
15:56:00.0020 0x16a8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:56:00.0022 0x16a8  AmdK8 - ok
15:56:00.0438 0x16a8  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:56:00.0704 0x16a8  amdkmdag - ok
15:56:00.0797 0x16a8  [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:56:00.0807 0x16a8  amdkmdap - ok
15:56:00.0825 0x16a8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:56:00.0827 0x16a8  AmdPPM - ok
15:56:00.0843 0x16a8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:56:00.0846 0x16a8  amdsata - ok
15:56:00.0857 0x16a8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:56:00.0861 0x16a8  amdsbs - ok
15:56:00.0878 0x16a8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:56:00.0879 0x16a8  amdxata - ok
15:56:00.0898 0x16a8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:56:00.0900 0x16a8  AppID - ok
15:56:00.0918 0x16a8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:56:00.0919 0x16a8  AppIDSvc - ok
15:56:00.0943 0x16a8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:56:00.0946 0x16a8  Appinfo - ok
15:56:00.0958 0x16a8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:56:00.0961 0x16a8  arc - ok
15:56:00.0975 0x16a8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:56:00.0977 0x16a8  arcsas - ok
15:56:01.0038 0x16a8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:56:01.0103 0x16a8  aspnet_state - ok
15:56:01.0124 0x16a8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:01.0125 0x16a8  AsyncMac - ok
15:56:01.0150 0x16a8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:56:01.0151 0x16a8  atapi - ok
15:56:01.0184 0x16a8  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:56:01.0186 0x16a8  AtiHDAudioService - ok
15:56:01.0227 0x16a8  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:01.0242 0x16a8  AudioEndpointBuilder - ok
15:56:01.0258 0x16a8  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:56:01.0269 0x16a8  AudioSrv - ok
15:56:01.0292 0x16a8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:56:01.0296 0x16a8  AxInstSV - ok
15:56:01.0325 0x16a8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:56:01.0335 0x16a8  b06bdrv - ok
15:56:01.0349 0x16a8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:01.0356 0x16a8  b57nd60a - ok
15:56:01.0370 0x16a8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:56:01.0372 0x16a8  BDESVC - ok
15:56:01.0394 0x16a8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:56:01.0395 0x16a8  Beep - ok
15:56:01.0423 0x16a8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:56:01.0438 0x16a8  BFE - ok
15:56:01.0480 0x16a8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:56:01.0499 0x16a8  BITS - ok
15:56:01.0521 0x16a8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:56:01.0522 0x16a8  blbdrive - ok
15:56:01.0542 0x16a8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:56:01.0544 0x16a8  bowser - ok
15:56:01.0553 0x16a8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:56:01.0554 0x16a8  BrFiltLo - ok
15:56:01.0569 0x16a8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:56:01.0570 0x16a8  BrFiltUp - ok
15:56:01.0587 0x16a8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:56:01.0591 0x16a8  Browser - ok
15:56:01.0616 0x16a8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:56:01.0623 0x16a8  Brserid - ok
15:56:01.0658 0x16a8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:01.0660 0x16a8  BrSerWdm - ok
15:56:01.0670 0x16a8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:01.0671 0x16a8  BrUsbMdm - ok
15:56:01.0686 0x16a8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:01.0687 0x16a8  BrUsbSer - ok
15:56:01.0689 0x16a8  BTCFilterService - ok
15:56:01.0699 0x16a8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:56:01.0701 0x16a8  BTHMODEM - ok
15:56:01.0726 0x16a8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:56:01.0728 0x16a8  bthserv - ok
15:56:01.0750 0x16a8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:56:01.0752 0x16a8  cdfs - ok
15:56:01.0771 0x16a8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:56:01.0775 0x16a8  cdrom - ok
15:56:01.0786 0x16a8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:56:01.0789 0x16a8  CertPropSvc - ok
15:56:01.0861 0x16a8  [ 08D4BD3F12DFF3A11E4F2C09745DA0FA, 99A19D3B43F5B21A3E23B9A91D9443ED2710C14B954C769B837626181FC4F630 ] CGVPNCliService C:\Program Files\CyberGhost 5\Service.exe
15:56:01.0862 0x16a8  CGVPNCliService - ok
15:56:01.0885 0x16a8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:56:01.0887 0x16a8  circlass - ok
15:56:01.0969 0x16a8  [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp        C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys
15:56:01.0971 0x16a8  cleanhlp - ok
15:56:01.0998 0x16a8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:56:02.0007 0x16a8  CLFS - ok
15:56:02.0081 0x16a8  [ 4C6406CF07D4EBB70C5774D55C6688FB, 3AA5DB7A0E7BB54F3D0FA9D2CB952144A7A5FCAC20A644646DE7392D7EDDB408 ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
15:56:02.0083 0x16a8  CLHNServiceForPowerDVD12 - ok
15:56:02.0123 0x16a8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:02.0125 0x16a8  clr_optimization_v2.0.50727_32 - ok
15:56:02.0149 0x16a8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:02.0152 0x16a8  clr_optimization_v2.0.50727_64 - ok
15:56:02.0193 0x16a8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:02.0270 0x16a8  clr_optimization_v4.0.30319_32 - ok
15:56:02.0286 0x16a8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:02.0306 0x16a8  clr_optimization_v4.0.30319_64 - ok
15:56:02.0322 0x16a8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:56:02.0323 0x16a8  CmBatt - ok
15:56:02.0335 0x16a8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:56:02.0336 0x16a8  cmdide - ok
15:56:02.0384 0x16a8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:56:02.0392 0x16a8  CNG - ok
15:56:02.0415 0x16a8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:56:02.0417 0x16a8  Compbatt - ok
15:56:02.0426 0x16a8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:56:02.0428 0x16a8  CompositeBus - ok
15:56:02.0431 0x16a8  COMSysApp - ok
15:56:02.0453 0x16a8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:56:02.0455 0x16a8  crcdisk - ok
15:56:02.0483 0x16a8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:56:02.0488 0x16a8  CryptSvc - ok
15:56:02.0516 0x16a8  [ EA22BCA708B37B82ADEBC822A171B92E, 27E6D82F4508B3542E373F1B24E7F02F7C82282102E5199A8EC9B91E2B6ABC66 ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
15:56:02.0517 0x16a8  CyberLink PowerDVD 12 Media Server Monitor Service - ok
15:56:02.0532 0x16a8  [ 3168D2F171A64590E7A11355CAE60A1E, E240691219933EE657B5B401ABAAB2EB7505EE4A869B619352F5886C924F41AC ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
15:56:02.0537 0x16a8  CyberLink PowerDVD 12 Media Server Service - ok
15:56:02.0560 0x16a8  [ 88123E5A5572405DF6FE56E4A2A95BD4, F24BD9B54E1758942468C9280F1285091DE7EBE8BC2FAC8AFB98B62C1C8C1F5E ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:56:02.0562 0x16a8  dc3d - ok
15:56:02.0588 0x16a8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:56:02.0600 0x16a8  DcomLaunch - ok
15:56:02.0675 0x16a8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:56:02.0682 0x16a8  defragsvc - ok
15:56:02.0704 0x16a8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:56:02.0706 0x16a8  DfsC - ok
15:56:02.0718 0x16a8  dgderdrv - ok
15:56:02.0738 0x16a8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:56:02.0745 0x16a8  Dhcp - ok
15:56:02.0757 0x16a8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:56:02.0758 0x16a8  discache - ok
15:56:02.0763 0x16a8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:56:02.0764 0x16a8  Disk - ok
15:56:02.0783 0x16a8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:56:02.0788 0x16a8  Dnscache - ok
15:56:02.0810 0x16a8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:56:02.0817 0x16a8  dot3svc - ok
15:56:02.0837 0x16a8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:56:02.0841 0x16a8  DPS - ok
15:56:02.0870 0x16a8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:56:02.0871 0x16a8  drmkaud - ok
15:56:02.0897 0x16a8  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:56:02.0902 0x16a8  dtsoftbus01 - ok
15:56:02.0941 0x16a8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:56:02.0958 0x16a8  DXGKrnl - ok
15:56:03.0012 0x16a8  EagleX64 - ok
15:56:03.0066 0x16a8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:56:03.0069 0x16a8  EapHost - ok
15:56:03.0074 0x16a8  EasyAntiCheat - ok
15:56:03.0171 0x16a8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:56:03.0238 0x16a8  ebdrv - ok
15:56:03.0287 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:56:03.0289 0x16a8  EFS - ok
15:56:03.0342 0x16a8  [ C0D4F1A32B5AEE52E14545C07824FFBD, FAB315D8208A58F42A455E02D86EF707E5ADD249A7907DC4F68E9FAE0545DFE0 ] EfwTdiFlt       C:\Program Files (x86)\Emsisoft Internet Security\fwtdi64.sys
15:56:03.0354 0x16a8  EfwTdiFlt - ok
15:56:03.0404 0x16a8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:56:03.0415 0x16a8  ehRecvr - ok
15:56:03.0429 0x16a8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:56:03.0432 0x16a8  ehSched - ok
15:56:03.0464 0x16a8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:56:03.0475 0x16a8  elxstor - ok
15:56:03.0492 0x16a8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:56:03.0493 0x16a8  ErrDev - ok
15:56:03.0529 0x16a8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:56:03.0538 0x16a8  EventSystem - ok
15:56:03.0567 0x16a8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:56:03.0572 0x16a8  exfat - ok
15:56:03.0591 0x16a8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:56:03.0596 0x16a8  fastfat - ok
15:56:03.0667 0x16a8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:56:03.0682 0x16a8  Fax - ok
15:56:03.0694 0x16a8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:56:03.0695 0x16a8  fdc - ok
15:56:03.0707 0x16a8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:56:03.0708 0x16a8  fdPHost - ok
15:56:03.0723 0x16a8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:56:03.0725 0x16a8  FDResPub - ok
15:56:03.0734 0x16a8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:56:03.0736 0x16a8  FileInfo - ok
15:56:03.0750 0x16a8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:56:03.0751 0x16a8  Filetrace - ok
15:56:03.0765 0x16a8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:56:03.0766 0x16a8  flpydisk - ok
15:56:03.0782 0x16a8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:56:03.0789 0x16a8  FltMgr - ok
15:56:03.0841 0x16a8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:56:03.0865 0x16a8  FontCache - ok
15:56:03.0902 0x16a8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:03.0903 0x16a8  FontCache3.0.0.0 - ok
15:56:03.0914 0x16a8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:56:03.0916 0x16a8  FsDepends - ok
15:56:03.0941 0x16a8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:56:03.0942 0x16a8  Fs_Rec - ok
15:56:03.0971 0x16a8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:56:03.0980 0x16a8  fvevol - ok
15:56:04.0055 0x16a8  [ 164A0CFD246C4911FD0FF72FAB8612FB, 7E6F936E251310CB6E28AA1A836C6259D01E70AAEB0EEF6A5CC72ECB12225A87 ] fwndis          C:\Windows\system32\DRIVERS\fwndis64.sys
15:56:04.0062 0x16a8  fwndis - ok
15:56:04.0120 0x16a8  [ 828ECF8255F45F63042770413D80A162, D4F158C6F8F7A7E4DF38700BB71F6D7027773E76F30495076440B7E3FDA33647 ] fwwfp           C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys
15:56:04.0126 0x16a8  fwwfp - ok
15:56:04.0139 0x16a8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:56:04.0141 0x16a8  gagp30kx - ok
15:56:04.0183 0x16a8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:56:04.0200 0x16a8  gpsvc - ok
15:56:04.0229 0x16a8  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:56:04.0231 0x16a8  hamachi - ok
15:56:04.0247 0x16a8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:56:04.0249 0x16a8  hcw85cir - ok
15:56:04.0281 0x16a8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:04.0289 0x16a8  HdAudAddService - ok
15:56:04.0311 0x16a8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:56:04.0314 0x16a8  HDAudBus - ok
15:56:04.0329 0x16a8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:56:04.0331 0x16a8  HidBatt - ok
15:56:04.0342 0x16a8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:56:04.0345 0x16a8  HidBth - ok
15:56:04.0361 0x16a8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:56:04.0363 0x16a8  HidIr - ok
15:56:04.0388 0x16a8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:56:04.0389 0x16a8  hidserv - ok
15:56:04.0412 0x16a8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:56:04.0413 0x16a8  HidUsb - ok
15:56:04.0434 0x16a8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:56:04.0437 0x16a8  hkmsvc - ok
15:56:04.0452 0x16a8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:04.0458 0x16a8  HomeGroupListener - ok
15:56:04.0486 0x16a8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:04.0491 0x16a8  HomeGroupProvider - ok
15:56:04.0515 0x16a8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:56:04.0518 0x16a8  HpSAMD - ok
15:56:04.0562 0x16a8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:56:04.0577 0x16a8  HTTP - ok
15:56:04.0586 0x16a8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:56:04.0586 0x16a8  hwpolicy - ok
15:56:04.0619 0x16a8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:56:04.0621 0x16a8  i8042prt - ok
15:56:04.0637 0x16a8  [ 2FDAEC4B02729C48C0FD1B0B4695995B, 87331D91FA3A23257B9913067B7B16D08710408070795B638058DBF728BBB288 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:56:04.0647 0x16a8  iaStor - ok
15:56:04.0703 0x16a8  [ D41861E56E7552C13674D7F147A02464, A361AE723FEEFD8D34D259F667ED14EEEC3B8ED6458522AC5D50C08E281B298B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:56:04.0704 0x16a8  IAStorDataMgrSvc - ok
15:56:04.0729 0x16a8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:56:04.0738 0x16a8  iaStorV - ok
15:56:04.0796 0x16a8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:04.0815 0x16a8  idsvc - ok
15:56:04.0831 0x16a8  IEEtwCollectorService - ok
15:56:04.0993 0x16a8  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:56:05.0119 0x16a8  igfx - ok
15:56:05.0149 0x16a8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:56:05.0150 0x16a8  iirsp - ok
15:56:05.0196 0x16a8  [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
15:56:05.0199 0x16a8  IJPLMSVC - ok
15:56:05.0232 0x16a8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:56:05.0250 0x16a8  IKEEXT - ok
15:56:05.0366 0x16a8  [ F94E2C3BA6D4B57C2E1DD03E950CBBC4, C0C4F779E1BA0A6C68937A2F6A0AEA5F49F0476A8520AC1323775536FA585A3C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:56:05.0446 0x16a8  IntcAzAudAddService - ok
15:56:05.0464 0x16a8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:56:05.0466 0x16a8  intelide - ok
15:56:05.0488 0x16a8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:56:05.0489 0x16a8  intelppm - ok
15:56:05.0513 0x16a8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:56:05.0516 0x16a8  IPBusEnum - ok
15:56:05.0528 0x16a8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:05.0530 0x16a8  IpFilterDriver - ok
15:56:05.0571 0x16a8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:56:05.0583 0x16a8  iphlpsvc - ok
15:56:05.0604 0x16a8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:56:05.0609 0x16a8  IPMIDRV - ok
15:56:05.0670 0x16a8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:56:05.0672 0x16a8  IPNAT - ok
15:56:05.0685 0x16a8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:56:05.0686 0x16a8  IRENUM - ok
15:56:05.0701 0x16a8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:56:05.0702 0x16a8  isapnp - ok
15:56:05.0733 0x16a8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:56:05.0740 0x16a8  iScsiPrt - ok
15:56:05.0766 0x16a8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:05.0768 0x16a8  kbdclass - ok
15:56:05.0773 0x16a8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:05.0774 0x16a8  kbdhid - ok
15:56:05.0812 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
15:56:05.0814 0x16a8  KeyIso - ok
15:56:05.0864 0x16a8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:56:05.0866 0x16a8  KSecDD - ok
15:56:05.0895 0x16a8  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:56:05.0899 0x16a8  KSecPkg - ok
15:56:05.0908 0x16a8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:56:05.0909 0x16a8  ksthunk - ok
15:56:05.0941 0x16a8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:56:05.0950 0x16a8  KtmRm - ok
15:56:05.0975 0x16a8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:56:05.0981 0x16a8  LanmanServer - ok
15:56:06.0004 0x16a8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:56:06.0008 0x16a8  LanmanWorkstation - ok
15:56:06.0025 0x16a8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:56:06.0026 0x16a8  lltdio - ok
15:56:06.0056 0x16a8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:56:06.0063 0x16a8  lltdsvc - ok
15:56:06.0081 0x16a8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:56:06.0082 0x16a8  lmhosts - ok
15:56:06.0111 0x16a8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:56:06.0114 0x16a8  LSI_FC - ok
15:56:06.0129 0x16a8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:56:06.0131 0x16a8  LSI_SAS - ok
15:56:06.0137 0x16a8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:56:06.0139 0x16a8  LSI_SAS2 - ok
15:56:06.0149 0x16a8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:56:06.0151 0x16a8  LSI_SCSI - ok
15:56:06.0177 0x16a8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:56:06.0179 0x16a8  luafv - ok
15:56:06.0198 0x16a8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:56:06.0201 0x16a8  Mcx2Svc - ok
15:56:06.0212 0x16a8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:56:06.0214 0x16a8  megasas - ok
15:56:06.0229 0x16a8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:56:06.0235 0x16a8  MegaSR - ok
15:56:06.0264 0x16a8  Microsoft SharePoint Workspace Audit Service - ok
15:56:06.0282 0x16a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:56:06.0285 0x16a8  MMCSS - ok
15:56:06.0298 0x16a8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:56:06.0299 0x16a8  Modem - ok
15:56:06.0317 0x16a8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:56:06.0318 0x16a8  monitor - ok
15:56:06.0322 0x16a8  motccgp - ok
15:56:06.0327 0x16a8  motccgpfl - ok
15:56:06.0333 0x16a8  motmodem - ok
15:56:06.0338 0x16a8  MotoSwitchService - ok
15:56:06.0344 0x16a8  Motousbnet - ok
15:56:06.0349 0x16a8  motusbdevice - ok
15:56:06.0366 0x16a8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:56:06.0367 0x16a8  mouclass - ok
15:56:06.0382 0x16a8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:56:06.0383 0x16a8  mouhid - ok
15:56:06.0419 0x16a8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:56:06.0421 0x16a8  mountmgr - ok
15:56:06.0454 0x16a8  [ 43BCA4038E290F75B5B6FECBFF5288A2, 52076DC16CDBD5A86AF2157528E56B52442489C45429B5EE39D7B34863414682 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:56:06.0457 0x16a8  MozillaMaintenance - ok
15:56:06.0482 0x16a8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:56:06.0486 0x16a8  mpio - ok
15:56:06.0504 0x16a8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:56:06.0506 0x16a8  mpsdrv - ok
15:56:06.0549 0x16a8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:56:06.0568 0x16a8  MpsSvc - ok
15:56:06.0595 0x16a8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:56:06.0598 0x16a8  MRxDAV - ok
15:56:06.0625 0x16a8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:06.0629 0x16a8  mrxsmb - ok
15:56:06.0687 0x16a8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:06.0693 0x16a8  mrxsmb10 - ok
15:56:06.0702 0x16a8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:06.0705 0x16a8  mrxsmb20 - ok
15:56:06.0728 0x16a8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:56:06.0730 0x16a8  msahci - ok
15:56:06.0755 0x16a8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:56:06.0759 0x16a8  msdsm - ok
15:56:06.0778 0x16a8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:56:06.0782 0x16a8  MSDTC - ok
15:56:06.0809 0x16a8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:56:06.0810 0x16a8  Msfs - ok
15:56:06.0822 0x16a8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:56:06.0823 0x16a8  mshidkmdf - ok
15:56:06.0838 0x16a8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:56:06.0839 0x16a8  msisadrv - ok
15:56:06.0862 0x16a8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:56:06.0867 0x16a8  MSiSCSI - ok
15:56:06.0872 0x16a8  msiserver - ok
15:56:06.0892 0x16a8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:56:06.0893 0x16a8  MSKSSRV - ok
15:56:06.0905 0x16a8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:06.0906 0x16a8  MSPCLOCK - ok
15:56:06.0919 0x16a8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:56:06.0920 0x16a8  MSPQM - ok
15:56:06.0945 0x16a8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:56:06.0953 0x16a8  MsRPC - ok
15:56:06.0978 0x16a8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:56:06.0979 0x16a8  mssmbios - ok
15:56:07.0001 0x16a8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:56:07.0003 0x16a8  MSTEE - ok
15:56:07.0018 0x16a8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:56:07.0021 0x16a8  MTConfig - ok
15:56:07.0037 0x16a8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:56:07.0038 0x16a8  Mup - ok
15:56:07.0077 0x16a8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:56:07.0088 0x16a8  napagent - ok
15:56:07.0112 0x16a8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:56:07.0119 0x16a8  NativeWifiP - ok
15:56:07.0161 0x16a8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:56:07.0186 0x16a8  NDIS - ok
15:56:07.0205 0x16a8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:07.0206 0x16a8  NdisCap - ok
15:56:07.0225 0x16a8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:07.0226 0x16a8  NdisTapi - ok
15:56:07.0236 0x16a8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:07.0238 0x16a8  Ndisuio - ok
15:56:07.0264 0x16a8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:07.0268 0x16a8  NdisWan - ok
15:56:07.0297 0x16a8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:56:07.0299 0x16a8  NDProxy - ok
15:56:07.0306 0x16a8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:56:07.0307 0x16a8  NetBIOS - ok
15:56:07.0329 0x16a8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:56:07.0335 0x16a8  NetBT - ok
15:56:07.0346 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
15:56:07.0347 0x16a8  Netlogon - ok
15:56:07.0375 0x16a8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:56:07.0383 0x16a8  Netman - ok
15:56:07.0422 0x16a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:07.0443 0x16a8  NetMsmqActivator - ok
15:56:07.0459 0x16a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:07.0461 0x16a8  NetPipeActivator - ok
15:56:07.0493 0x16a8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:56:07.0504 0x16a8  netprofm - ok
15:56:07.0514 0x16a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:07.0516 0x16a8  NetTcpActivator - ok
15:56:07.0524 0x16a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:07.0527 0x16a8  NetTcpPortSharing - ok
15:56:07.0544 0x16a8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:56:07.0546 0x16a8  nfrd960 - ok
15:56:07.0574 0x16a8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:56:07.0581 0x16a8  NlaSvc - ok
15:56:07.0610 0x16a8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:56:07.0615 0x16a8  Npfs - ok
15:56:07.0676 0x16a8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:56:07.0678 0x16a8  nsi - ok
15:56:07.0689 0x16a8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:56:07.0690 0x16a8  nsiproxy - ok
15:56:07.0756 0x16a8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:56:07.0797 0x16a8  Ntfs - ok
15:56:07.0858 0x16a8  [ EAAC965642EF5F818AED508CADF83E4B, 89DBEE7878FCD589778A5D84D265645628B114C77D2EF432F471706121CAEC9C ] ntk_PowerDVD12  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
15:56:07.0860 0x16a8  ntk_PowerDVD12 - ok
15:56:07.0888 0x16a8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:56:07.0889 0x16a8  Null - ok
15:56:07.0912 0x16a8  [ 550BE6C46110B74C1ED7B156598D67AF, EB6DCF9FC9F9312DF0108C96C74F13D057F314F52D432DE53FA07DD76FE984F6 ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
15:56:07.0915 0x16a8  nusb3hub - ok
15:56:07.0932 0x16a8  [ 17401C97DCF93F121B89B554D733B836, 60626F14A62037326C43AFEAE58BBDAFD30E97C6E668AA88C1F8A0832533ACCF ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
15:56:07.0937 0x16a8  nusb3xhc - ok
15:56:07.0957 0x16a8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:56:07.0961 0x16a8  nvraid - ok
15:56:08.0001 0x16a8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:56:08.0005 0x16a8  nvstor - ok
15:56:08.0030 0x16a8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:56:08.0034 0x16a8  nv_agp - ok
15:56:08.0057 0x16a8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:56:08.0059 0x16a8  ohci1394 - ok
15:56:08.0111 0x16a8  [ 107383EF78A7DC444F62594C927536E6, 7B1D2E3FE5D53AC168BE455881971E001845DB5BCADB4F0A49BB2DA8BCFFBACE ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
15:56:08.0113 0x16a8  OpenVPNService - ok
15:56:08.0154 0x16a8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:08.0159 0x16a8  ose - ok
15:56:08.0320 0x16a8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:56:08.0422 0x16a8  osppsvc - ok
15:56:08.0550 0x16a8  [ A000644A12059D9BEFAC21D04A43047C, 63AE4FC35D221C694EFDE98729334CD2E036F0A07EAF85CBDC03EBDEDA1C1ECB ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
15:56:08.0571 0x16a8  OverwolfUpdater - ok
15:56:08.0605 0x16a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:56:08.0613 0x16a8  p2pimsvc - ok
15:56:08.0678 0x16a8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:56:08.0688 0x16a8  p2psvc - ok
15:56:08.0709 0x16a8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:56:08.0711 0x16a8  Parport - ok
15:56:08.0732 0x16a8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:56:08.0734 0x16a8  partmgr - ok
15:56:08.0749 0x16a8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:56:08.0754 0x16a8  PcaSvc - ok
15:56:08.0768 0x16a8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:56:08.0772 0x16a8  pci - ok
15:56:08.0791 0x16a8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:56:08.0792 0x16a8  pciide - ok
15:56:08.0810 0x16a8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:56:08.0815 0x16a8  pcmcia - ok
15:56:08.0828 0x16a8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:56:08.0829 0x16a8  pcw - ok
15:56:08.0863 0x16a8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:56:08.0877 0x16a8  PEAUTH - ok
15:56:08.0965 0x16a8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:56:08.0967 0x16a8  PerfHost - ok
15:56:09.0039 0x16a8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:56:09.0070 0x16a8  pla - ok
15:56:09.0116 0x16a8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:56:09.0126 0x16a8  PlugPlay - ok
15:56:09.0223 0x16a8  pmem - ok
15:56:09.0237 0x16a8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:56:09.0239 0x16a8  PNRPAutoReg - ok
15:56:09.0264 0x16a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:56:09.0270 0x16a8  PNRPsvc - ok
15:56:09.0294 0x16a8  [ 5BC4D480DD527EB0CF33A67A090A130E, 25B5E34CF5CED4C5C5CB2175018905F0A49191DC1670CA3F797A8434D6F1AE82 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
15:56:09.0296 0x16a8  Point64 - ok
15:56:09.0327 0x16a8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:56:09.0338 0x16a8  PolicyAgent - ok
15:56:09.0369 0x16a8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:56:09.0374 0x16a8  Power - ok
15:56:09.0399 0x16a8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:56:09.0402 0x16a8  PptpMiniport - ok
15:56:09.0418 0x16a8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:56:09.0420 0x16a8  Processor - ok
15:56:09.0446 0x16a8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:56:09.0452 0x16a8  ProfSvc - ok
15:56:09.0497 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:56:09.0498 0x16a8  ProtectedStorage - ok
15:56:09.0516 0x16a8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:56:09.0519 0x16a8  Psched - ok
15:56:09.0556 0x16a8  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
15:56:09.0558 0x16a8  PSI - ok
15:56:09.0607 0x16a8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:56:09.0639 0x16a8  ql2300 - ok
15:56:09.0681 0x16a8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:56:09.0684 0x16a8  ql40xx - ok
15:56:09.0707 0x16a8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:56:09.0714 0x16a8  QWAVE - ok
15:56:09.0734 0x16a8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:56:09.0736 0x16a8  QWAVEdrv - ok
15:56:09.0753 0x16a8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:56:09.0754 0x16a8  RasAcd - ok
15:56:09.0773 0x16a8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:09.0775 0x16a8  RasAgileVpn - ok
15:56:09.0794 0x16a8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:56:09.0797 0x16a8  RasAuto - ok
15:56:09.0820 0x16a8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:09.0824 0x16a8  Rasl2tp - ok
15:56:09.0847 0x16a8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:56:09.0856 0x16a8  RasMan - ok
15:56:09.0872 0x16a8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:09.0875 0x16a8  RasPppoe - ok
15:56:09.0890 0x16a8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:56:09.0893 0x16a8  RasSstp - ok
15:56:09.0909 0x16a8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:56:09.0916 0x16a8  rdbss - ok
15:56:09.0928 0x16a8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:56:09.0929 0x16a8  rdpbus - ok
15:56:09.0949 0x16a8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:09.0950 0x16a8  RDPCDD - ok
15:56:09.0968 0x16a8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:56:09.0968 0x16a8  RDPENCDD - ok
15:56:09.0986 0x16a8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:56:09.0987 0x16a8  RDPREFMP - ok
15:56:10.0033 0x16a8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:56:10.0034 0x16a8  RdpVideoMiniport - ok
15:56:10.0070 0x16a8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:56:10.0075 0x16a8  RDPWD - ok
15:56:10.0095 0x16a8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:56:10.0100 0x16a8  rdyboost - ok
15:56:10.0132 0x16a8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:56:10.0136 0x16a8  RemoteAccess - ok
15:56:10.0153 0x16a8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:56:10.0158 0x16a8  RemoteRegistry - ok
15:56:10.0177 0x16a8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:56:10.0180 0x16a8  RpcEptMapper - ok
15:56:10.0192 0x16a8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:56:10.0194 0x16a8  RpcLocator - ok
15:56:10.0222 0x16a8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:56:10.0230 0x16a8  RpcSs - ok
15:56:10.0251 0x16a8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:56:10.0253 0x16a8  rspndr - ok
15:56:10.0315 0x16a8  [ D2D055E7ED70A5EE885D17D35DF97E80, 51781E55EEE111140A261822D3F78D76AD288E9DDF8578E236358E0AEB872C2F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:56:10.0330 0x16a8  RTL8167 - ok
15:56:10.0344 0x16a8  RTL8192cu - ok
15:56:10.0390 0x16a8  [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
15:56:10.0405 0x16a8  RTL8192su - ok
15:56:10.0443 0x16a8  [ 63A9F32EAFCE8D5D171FE189823A58E1, 3574E42EDBF9C583CDF3F525EC400D63860C54DA88EFB4E14548147DB0C182DE ] rzendpt         C:\Windows\system32\DRIVERS\rzendpt.sys
15:56:10.0444 0x16a8  rzendpt - ok
15:56:10.0494 0x16a8  [ 6A0C6BAE535BB5FFE6FBCB48023B77C0, C0BA911D94DFAEBE3DA76AA6B91B840F6A05BE10C4A8A6BA0800992E0F5D5324 ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
15:56:10.0498 0x16a8  rzudd - ok
15:56:10.0513 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
15:56:10.0515 0x16a8  SamSs - ok
15:56:10.0542 0x16a8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:56:10.0545 0x16a8  sbp2port - ok
15:56:10.0578 0x16a8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:56:10.0583 0x16a8  SCardSvr - ok
15:56:10.0622 0x16a8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:56:10.0623 0x16a8  scfilter - ok
15:56:10.0700 0x16a8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:56:10.0723 0x16a8  Schedule - ok
15:56:10.0754 0x16a8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:56:10.0755 0x16a8  SCPolicySvc - ok
15:56:10.0772 0x16a8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:56:10.0776 0x16a8  SDRSVC - ok
15:56:10.0790 0x16a8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:56:10.0791 0x16a8  secdrv - ok
15:56:10.0818 0x16a8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:56:10.0821 0x16a8  seclogon - ok
15:56:10.0930 0x16a8  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:56:10.0956 0x16a8  Secunia PSI Agent - ok
15:56:10.0994 0x16a8  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:56:11.0005 0x16a8  Secunia Update Agent - ok
15:56:11.0022 0x16a8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:56:11.0029 0x16a8  SENS - ok
15:56:11.0067 0x16a8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:56:11.0069 0x16a8  SensrSvc - ok
15:56:11.0094 0x16a8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:56:11.0095 0x16a8  Serenum - ok
15:56:11.0115 0x16a8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:56:11.0118 0x16a8  Serial - ok
15:56:11.0144 0x16a8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:56:11.0146 0x16a8  sermouse - ok
15:56:11.0185 0x16a8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:56:11.0189 0x16a8  SessionEnv - ok
15:56:11.0207 0x16a8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:56:11.0208 0x16a8  sffdisk - ok
15:56:11.0231 0x16a8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:56:11.0232 0x16a8  sffp_mmc - ok
15:56:11.0240 0x16a8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:56:11.0241 0x16a8  sffp_sd - ok
15:56:11.0252 0x16a8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:56:11.0254 0x16a8  sfloppy - ok
15:56:11.0292 0x16a8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:56:11.0300 0x16a8  SharedAccess - ok
15:56:11.0330 0x16a8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:56:11.0339 0x16a8  ShellHWDetection - ok
15:56:11.0361 0x16a8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:56:11.0363 0x16a8  SiSRaid2 - ok
15:56:11.0382 0x16a8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:56:11.0384 0x16a8  SiSRaid4 - ok
15:56:11.0413 0x16a8  [ E00BA977EA507FB19BDD9594AFA13C47, 78A07DD3E9258AC49B815BF5E4CCA1184F8708CC7B96C2A910270608C4D8B153 ] SKYNETU2C       C:\Windows\system32\DRIVERS\SkyNetU2C_AMD64.SYS
15:56:11.0419 0x16a8  SKYNETU2C - ok
15:56:11.0481 0x16a8  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:56:11.0486 0x16a8  SkypeUpdate - ok
15:56:11.0522 0x16a8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:56:11.0524 0x16a8  Smb - ok
15:56:11.0560 0x16a8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:56:11.0562 0x16a8  SNMPTRAP - ok
15:56:11.0583 0x16a8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:56:11.0584 0x16a8  spldr - ok
15:56:11.0622 0x16a8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
15:56:11.0632 0x16a8  Spooler - ok
15:56:11.0742 0x16a8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:56:11.0797 0x16a8  sppsvc - ok
15:56:11.0822 0x16a8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:56:11.0825 0x16a8  sppuinotify - ok
15:56:11.0857 0x16a8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:56:11.0867 0x16a8  srv - ok
15:56:11.0885 0x16a8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:56:11.0894 0x16a8  srv2 - ok
15:56:11.0905 0x16a8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:56:11.0909 0x16a8  srvnet - ok
15:56:11.0939 0x16a8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:56:11.0944 0x16a8  SSDPSRV - ok
15:56:11.0968 0x16a8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:56:11.0970 0x16a8  SstpSvc - ok
15:56:12.0044 0x16a8  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:56:12.0063 0x16a8  Steam Client Service - ok
15:56:12.0090 0x16a8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:56:12.0092 0x16a8  stexstor - ok
15:56:12.0120 0x16a8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:56:12.0133 0x16a8  stisvc - ok
15:56:12.0153 0x16a8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:56:12.0154 0x16a8  swenum - ok
15:56:12.0184 0x16a8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:56:12.0196 0x16a8  swprv - ok
15:56:12.0252 0x16a8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:56:12.0288 0x16a8  SysMain - ok
15:56:12.0305 0x16a8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:56:12.0308 0x16a8  TabletInputService - ok
15:56:12.0348 0x16a8  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
15:56:12.0349 0x16a8  tap0901 - ok
15:56:12.0373 0x16a8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:56:12.0381 0x16a8  TapiSrv - ok
15:56:12.0405 0x16a8  [ 048CFE7569D6ADCAB9349BB1A566A79E, E248D2A66881FDFF9505896F383EFFEF2FD5AFC15D8992E653F5C31F1F80DAF3 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
15:56:12.0407 0x16a8  tbhsd - ok
15:56:12.0434 0x16a8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:56:12.0436 0x16a8  TBS - ok
15:56:12.0498 0x16a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:56:12.0536 0x16a8  Tcpip - ok
15:56:12.0585 0x16a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:56:12.0615 0x16a8  TCPIP6 - ok
15:56:12.0661 0x16a8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:56:12.0663 0x16a8  tcpipreg - ok
15:56:12.0690 0x16a8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:56:12.0691 0x16a8  TDPIPE - ok
15:56:12.0718 0x16a8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:56:12.0720 0x16a8  TDTCP - ok
15:56:12.0739 0x16a8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:56:12.0742 0x16a8  tdx - ok
15:56:12.0917 0x16a8  [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
15:56:12.0993 0x16a8  TeamViewer9 - ok
15:56:13.0020 0x16a8  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:56:13.0020 0x16a8  teamviewervpn - ok
15:56:13.0045 0x16a8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:56:13.0046 0x16a8  TermDD - ok
15:56:13.0090 0x16a8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:56:13.0106 0x16a8  TermService - ok
15:56:13.0134 0x16a8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:56:13.0136 0x16a8  Themes - ok
15:56:13.0158 0x16a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:56:13.0160 0x16a8  THREADORDER - ok
15:56:13.0177 0x16a8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:56:13.0181 0x16a8  TrkWks - ok
15:56:13.0222 0x16a8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:56:13.0226 0x16a8  TrustedInstaller - ok
15:56:13.0272 0x16a8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:13.0274 0x16a8  tssecsrv - ok
15:56:13.0317 0x16a8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:56:13.0319 0x16a8  TsUsbFlt - ok
15:56:13.0349 0x16a8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:56:13.0351 0x16a8  TsUsbGD - ok
15:56:13.0378 0x16a8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:56:13.0381 0x16a8  tunnel - ok
15:56:13.0405 0x16a8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:56:13.0407 0x16a8  uagp35 - ok
15:56:13.0430 0x16a8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:56:13.0437 0x16a8  udfs - ok
15:56:13.0476 0x16a8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:56:13.0479 0x16a8  UI0Detect - ok
15:56:13.0523 0x16a8  [ 5B99D25F5CA1F20CCED62381ED41793E, 672B40021E0C623ED8C7E3203261837B43A5EE750E59DAFC4D6EAC4911B12F44 ] UimBus          C:\Windows\system32\DRIVERS\UimBus.sys
15:56:13.0524 0x16a8  UimBus - ok
15:56:13.0538 0x16a8  [ 67F428FA5F059A974529ECBA6A6C9D71, 912BCAEC818317AFD051351D5EAAF3B5EC8E5AD3CC9C1B8FC17F5DB78829615A ] Uim_DEVIM       C:\Windows\system32\DRIVERS\uim_devim.sys
15:56:13.0539 0x16a8  Uim_DEVIM - ok
15:56:13.0568 0x16a8  [ 76E93AD89DEC20EE2AF99E17183F85AB, 4ED49ADA41FA2BFDCC11861241428E23E8396E72BE10929FF01F0FE48D3DF2C2 ] Uim_IM          C:\Windows\system32\DRIVERS\uim_im.sys
15:56:13.0580 0x16a8  Uim_IM - ok
15:56:13.0605 0x16a8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:56:13.0611 0x16a8  uliagpkx - ok
15:56:13.0672 0x16a8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:56:13.0674 0x16a8  umbus - ok
15:56:13.0694 0x16a8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:56:13.0696 0x16a8  UmPass - ok
15:56:13.0726 0x16a8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:56:13.0733 0x16a8  upnphost - ok
15:56:13.0779 0x16a8  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:56:13.0782 0x16a8  USBAAPL64 - ok
15:56:13.0812 0x16a8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:13.0814 0x16a8  usbccgp - ok
15:56:13.0843 0x16a8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:56:13.0846 0x16a8  usbcir - ok
15:56:13.0880 0x16a8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:56:13.0882 0x16a8  usbehci - ok
15:56:13.0907 0x16a8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:56:13.0915 0x16a8  usbhub - ok
15:56:13.0942 0x16a8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:56:13.0944 0x16a8  usbohci - ok
15:56:13.0975 0x16a8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:56:13.0976 0x16a8  usbprint - ok
15:56:14.0014 0x16a8  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:56:14.0016 0x16a8  usbscan - ok
15:56:14.0037 0x16a8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:56:14.0040 0x16a8  USBSTOR - ok
15:56:14.0064 0x16a8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:56:14.0065 0x16a8  usbuhci - ok
15:56:14.0097 0x16a8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:56:14.0100 0x16a8  UxSms - ok
15:56:14.0113 0x16a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
15:56:14.0114 0x16a8  VaultSvc - ok
15:56:14.0180 0x16a8  [ BC72F198968C1D483435F29ACFAFEA78, C1514E9D309A461D9D10D0C2637757F7796946B93A276200F7BE78CA428BFB0A ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
15:56:14.0195 0x16a8  VBoxDrv - ok
15:56:14.0213 0x16a8  [ 8FD4BE594B4247E534E5D7CADA47FF20, A1D4DF89FAE48B2A6E3443C49533000A3E13A3CE1C18D8DB5DAEE4DDD9C51E88 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
15:56:14.0215 0x16a8  VBoxNetAdp - ok
15:56:14.0228 0x16a8  [ 7C7B16651E383C828A8FAB2B4E7D144E, 4EC92D9E83A2768F9B368FD88DE99F426E2B6FDCDEB346ED1B75DBA2E6E53F43 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
15:56:14.0231 0x16a8  VBoxNetFlt - ok
15:56:14.0265 0x16a8  [ 97F31032ECA2AA9CD6F456ADEA27EDA4, 7057ADFC8B73F860A690064565F259D5145B07C90DA811F6351CF2283BD61161 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
15:56:14.0267 0x16a8  VBoxUSBMon - ok
15:56:14.0292 0x16a8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:56:14.0293 0x16a8  vdrvroot - ok
15:56:14.0332 0x16a8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:56:14.0344 0x16a8  vds - ok
15:56:14.0368 0x16a8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:14.0370 0x16a8  vga - ok
15:56:14.0388 0x16a8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:56:14.0389 0x16a8  VgaSave - ok
15:56:14.0418 0x16a8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:56:14.0423 0x16a8  vhdmp - ok
15:56:14.0447 0x16a8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:56:14.0448 0x16a8  viaide - ok
15:56:14.0468 0x16a8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:56:14.0470 0x16a8  volmgr - ok
15:56:14.0487 0x16a8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:56:14.0495 0x16a8  volmgrx - ok
15:56:14.0518 0x16a8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:56:14.0524 0x16a8  volsnap - ok
15:56:14.0546 0x16a8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:56:14.0550 0x16a8  vsmraid - ok
15:56:14.0621 0x16a8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:56:14.0655 0x16a8  VSS - ok
15:56:14.0693 0x16a8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:14.0694 0x16a8  vwifibus - ok
15:56:14.0712 0x16a8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:14.0714 0x16a8  vwififlt - ok
15:56:14.0746 0x16a8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:14.0748 0x16a8  vwifimp - ok
15:56:14.0776 0x16a8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:56:14.0785 0x16a8  W32Time - ok
15:56:14.0824 0x16a8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:56:14.0825 0x16a8  WacomPen - ok
15:56:14.0847 0x16a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:56:14.0850 0x16a8  WANARP - ok
15:56:14.0861 0x16a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:56:14.0863 0x16a8  Wanarpv6 - ok
15:56:14.0920 0x16a8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:56:14.0946 0x16a8  WatAdminSvc - ok
15:56:15.0017 0x16a8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:56:15.0050 0x16a8  wbengine - ok
15:56:15.0071 0x16a8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:56:15.0076 0x16a8  WbioSrvc - ok
15:56:15.0114 0x16a8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:56:15.0123 0x16a8  wcncsvc - ok
15:56:15.0139 0x16a8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:56:15.0141 0x16a8  WcsPlugInService - ok
15:56:15.0167 0x16a8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:56:15.0169 0x16a8  Wd - ok
15:56:15.0214 0x16a8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:56:15.0230 0x16a8  Wdf01000 - ok
15:56:15.0258 0x16a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:56:15.0261 0x16a8  WdiServiceHost - ok
15:56:15.0272 0x16a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:56:15.0274 0x16a8  WdiSystemHost - ok
15:56:15.0306 0x16a8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
15:56:15.0313 0x16a8  WebClient - ok
15:56:15.0352 0x16a8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:56:15.0358 0x16a8  Wecsvc - ok
15:56:15.0377 0x16a8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:56:15.0380 0x16a8  wercplsupport - ok
15:56:15.0399 0x16a8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:56:15.0402 0x16a8  WerSvc - ok
15:56:15.0429 0x16a8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:15.0430 0x16a8  WfpLwf - ok
15:56:15.0445 0x16a8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:56:15.0446 0x16a8  WIMMount - ok
15:56:15.0472 0x16a8  WinDefend - ok
15:56:15.0504 0x16a8  WinHttpAutoProxySvc - ok
15:56:15.0553 0x16a8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:56:15.0559 0x16a8  Winmgmt - ok
15:56:15.0643 0x16a8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:56:15.0687 0x16a8  WinRM - ok
15:56:15.0747 0x16a8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:56:15.0748 0x16a8  WinUsb - ok
15:56:15.0788 0x16a8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:56:15.0808 0x16a8  Wlansvc - ok
15:56:15.0916 0x16a8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:56:15.0952 0x16a8  wlidsvc - ok
15:56:15.0984 0x16a8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:56:15.0986 0x16a8  WmiAcpi - ok
15:56:16.0093 0x16a8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:56:16.0097 0x16a8  wmiApSrv - ok
15:56:16.0135 0x16a8  WMPNetworkSvc - ok
15:56:16.0158 0x16a8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:56:16.0160 0x16a8  WPCSvc - ok
15:56:16.0177 0x16a8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:56:16.0181 0x16a8  WPDBusEnum - ok
15:56:16.0210 0x16a8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:56:16.0211 0x16a8  ws2ifsl - ok
15:56:16.0229 0x16a8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:56:16.0232 0x16a8  wscsvc - ok
15:56:16.0256 0x16a8  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:56:16.0257 0x16a8  WSDPrintDevice - ok
15:56:16.0275 0x16a8  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
15:56:16.0277 0x16a8  WSDScan - ok
15:56:16.0287 0x16a8  WSearch - ok
15:56:16.0329 0x16a8  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA, 7EEB1B8F1430AFB06A18DC6107DBDD57EBBF473FF96F3578481EB89724823393 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
15:56:16.0333 0x16a8  wsvd - ok
15:56:16.0415 0x16a8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:56:16.0467 0x16a8  wuauserv - ok
15:56:16.0494 0x16a8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:56:16.0496 0x16a8  WudfPf - ok
15:56:16.0535 0x16a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:16.0540 0x16a8  WUDFRd - ok
15:56:16.0571 0x16a8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:56:16.0574 0x16a8  wudfsvc - ok
15:56:16.0616 0x16a8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:56:16.0623 0x16a8  WwanSvc - ok
15:56:16.0741 0x16a8  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
15:56:16.0744 0x16a8  {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
15:56:16.0800 0x16a8  ================ Scan global ===============================
15:56:16.0818 0x16a8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:56:16.0844 0x16a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:56:16.0855 0x16a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:56:16.0872 0x16a8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:56:16.0885 0x16a8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:56:16.0893 0x16a8  [ Global ] - ok
15:56:16.0893 0x16a8  ================ Scan MBR ==================================
15:56:16.0901 0x16a8  [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
15:56:18.0995 0x16a8  \Device\Harddisk0\DR0 - ok
15:56:18.0998 0x16a8  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
15:56:19.0002 0x16a8  \Device\Harddisk1\DR1 - ok
15:56:19.0003 0x16a8  ================ Scan VBR ==================================
15:56:19.0033 0x16a8  [ 619A03A875D85497D559FA3E19E9DE27 ] \Device\Harddisk0\DR0\Partition1
15:56:19.0137 0x16a8  \Device\Harddisk0\DR0\Partition1 - ok
15:56:19.0170 0x16a8  [ 3FF33BD34C636E1585DC471E89E87719 ] \Device\Harddisk0\DR0\Partition2
15:56:19.0230 0x16a8  \Device\Harddisk0\DR0\Partition2 - ok
15:56:19.0240 0x16a8  [ AD2784BD0870F297A9EDC5E45E76DFE0 ] \Device\Harddisk0\DR0\Partition3
15:56:19.0242 0x16a8  \Device\Harddisk0\DR0\Partition3 - ok
15:56:19.0244 0x16a8  [ 7C75F1A9B515359C09BEEAA1B3DCC26B ] \Device\Harddisk1\DR1\Partition1
15:56:19.0246 0x16a8  \Device\Harddisk1\DR1\Partition1 - ok
15:56:19.0247 0x16a8  ================ Scan generic autorun ======================
15:56:19.0608 0x16a8  [ 7F9E5AD3AD1C0CCCF8094E28911B5068, 76D043B7DE0A175B8AA510F49F5983C9852FD4F38AE0FB023D9A339BB63AC269 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:56:19.0817 0x16a8  RTHDVCPL - ok
15:56:19.0891 0x16a8  [ DC73E11DC27E7D9AEF884EBE816C4240, 638485C85F7183E2B3060B8FD3189EA47F873B84EE34CAB99526A3A1CC3EE62B ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
15:56:19.0895 0x16a8  IAStorIcon - ok
15:56:19.0919 0x16a8  [ AE797B72D85E87D403FC11135507922C, F4FC1E5B9EA2DAB6CDF7FDEE279F7902D3A7832A8EE8CADEDE71E6A2F11FA938 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
15:56:19.0921 0x16a8  NUSB3MON - ok
15:56:20.0069 0x16a8  [ CB2A6C163235218A7E6AD5FF112AB1FC, BAB2D0BED939301F466F053D91AF908D864BD62499062A09F0FF6E55DB9B3B37 ] c:\program files (x86)\emsisoft internet security\a2guard.exe
15:56:20.0143 0x16a8  emsisoft anti-malware - ok
15:56:20.0230 0x16a8  [ 3CD5FD3FED5388DC01A072DB5D06C9CD, BED3D0CE4EF7A8D0FAB8B1E2E519D2B7F9BB81E62F5CBC6C968179FC20956165 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
15:56:20.0241 0x16a8  StartCCC - ok
15:56:20.0304 0x16a8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:56:20.0322 0x16a8  Sidebar - ok
15:56:20.0343 0x16a8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:56:20.0346 0x16a8  mctadmin - ok
15:56:20.0373 0x16a8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:56:20.0390 0x16a8  Sidebar - ok
15:56:20.0395 0x16a8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:56:20.0397 0x16a8  mctadmin - ok
15:56:20.0423 0x16a8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\sidebar.exe
15:56:20.0440 0x16a8  Sidebar - ok
15:56:20.0505 0x16a8  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:56:20.0535 0x16a8  Sidebar - ok
15:56:20.0536 0x16a8  Waiting for KSN requests completion. In queue: 53
15:56:21.0536 0x16a8  Waiting for KSN requests completion. In queue: 53
15:56:22.0536 0x16a8  Waiting for KSN requests completion. In queue: 11
15:56:23.0550 0x16a8  AV detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.4668 ), 0x41000 ( enabled : updated )
15:56:23.0551 0x16a8  FW detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.4668 ), 0x41010 ( enabled )
15:56:26.0325 0x16a8  ============================================================
15:56:26.0325 0x16a8  Scan finished
15:56:26.0325 0x16a8  ============================================================
15:56:26.0330 0x0e64  Detected object count: 0
15:56:26.0330 0x0e64  Actual detected object count: 0
         
__________________
__________________

Alt 05.12.2014, 15:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Ich glaube Du musst nochmal den Unterschied von IMAP und POP3 nachlesen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.12.2014, 19:15   #5
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Zitat:
Die (PC-)Clients greifen direkt online auf die Informationen auf den Servern zu und müssen allenfalls Kopien davon beherbergen. Während ein Benutzer von POP nach Verlust seines PC entweder alle E-Mails verloren hat oder bereits gelöschte E-Mails erneut erhält, behält ein Benutzer von IMAP seine Mails auf den Servern und, auch über mehrere und verschiedene Clients hinweg, immer einen einheitlichen Zugriff.(Quelle: Wikipedia)
Ich lese daraus das bei IMAP die E-Mails am Server bleiben und eben nicht auf den Client kommen es sei den man stellt es so ein das diese gespeichert werden. Deshalb habe ich ja gefragt was für Einstellungen man bei Thunderbird treffen könnte.
Ich weiß bis jetzt auch immer noch nicht wie der Trojaner bei mir gelandet ist?
Und vorallem wie ich sowas künftig verhindern kann?

Edit: Heute hatte ich wieder 5 mal einen Bluescreen. Ich habe aber nichts großartig verändert, keine neue Hardware und keine neuen Programme installiert oO

__________________
MfG
BeRealm

Alt 06.12.2014, 16:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Zitat:
Ich lese daraus das bei IMAP die E-Mails am Server bleiben und eben nicht auf den Client kommen
Völlig falsch. Der Unterschied ist sie blieben nach Abholung auf dem Server, und werden nicht vom Server gelöscht. Die sind aber IMMER auf deinem PC, immer.

Lösch die Mail die angemeckert wird und gut is.

Lade Dir bitte Bluescreenview und installiere es:
BlueScreenView - Download - Filepony

Öffnen und den aktuellsten Dump analysieren lassen (macht das Tool automatisch).
Output hier posten.
__________________
--> Thunderbird Trojaner Fund

Alt 07.12.2014, 00:07   #7
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Code:
ATTFilter
ntoskrnl.exe	ntoskrnl.exe+f20d4	fffff800`0324a000	fffff800`0382f000	0x005e5000	0x531590fb	04/03/2014 09:38:19	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.18409 (win7sp1_gdr.140303-2144)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe	
tcpip.sys	tcpip.sys+27fb4	fffff880`01a01000	fffff880`01c00000	0x001ff000	0x533f5bd4	05/04/2014 02:26:44						
hal.dll		fffff800`03201000	fffff800`0324a000	0x00049000	0x4ce7c669	20/11/2010 14:00:25						
kdcom.dll		fffff800`00ba7000	fffff800`00bb1000	0x0000a000	0x4d4d8061	05/02/2011 17:52:49						
mcupdate_GenuineIntel.dll		fffff880`00ca6000	fffff880`00cf5000	0x0004f000	0x4ce7c737	20/11/2010 14:03:51						
PSHED.dll		fffff880`00cf5000	fffff880`00d09000	0x00014000	0x4a5be027	14/07/2009 02:32:23	Betriebssystem Microsoft® Windows®	Plattformspezifischer Hardwarefehlertreiber	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\PSHED.dll	
CLFS.SYS		fffff880`00d09000	fffff880`00d67000	0x0005e000	0x4a5bc11d	14/07/2009 00:19:57						
CI.dll		fffff880`00e6b000	fffff880`00f2b000	0x000c0000	0x4ce7c944	20/11/2010 14:12:36						
Wdf01000.sys		fffff880`00f2b000	fffff880`00fed000	0x000c2000	0x51c51641	22/06/2013 04:13:05						
WDFLDR.SYS		fffff880`00fed000	fffff880`00ffd000	0x00010000	0x5010ab70	26/07/2012 03:29:04						
ACPI.sys		fffff880`00e00000	fffff880`00e57000	0x00057000	0x4ce79294	20/11/2010 10:19:16						
WMILIB.SYS		fffff880`00e57000	fffff880`00e60000	0x00009000	0x4a5bc117	14/07/2009 00:19:51						
msisadrv.sys		fffff880`00e60000	fffff880`00e6a000	0x0000a000	0x4a5bc0fe	14/07/2009 00:19:26						
pci.sys		fffff880`00d67000	fffff880`00d9a000	0x00033000	0x4ce7928f	20/11/2010 10:19:11						
vdrvroot.sys		fffff880`00d9a000	fffff880`00da7000	0x0000d000	0x4a5bcadb	14/07/2009 01:01:31						
partmgr.sys		fffff880`00da7000	fffff880`00dbc000	0x00015000	0x4f641bc1	17/03/2012 06:06:09						
volmgr.sys		fffff880`00dbc000	fffff880`00dd1000	0x00015000	0x4ce792a0	20/11/2010 10:19:28						
volmgrx.sys		fffff880`00c00000	fffff880`00c5c000	0x0005c000	0x4ce792eb	20/11/2010 10:20:43						
mountmgr.sys		fffff880`00c5c000	fffff880`00c76000	0x0001a000	0x4ce79299	20/11/2010 10:19:21						
iaStor.sys		fffff880`0104a000	fffff880`013ec000	0x003a2000	0x4dd69c48	20/05/2011 17:52:24						
amdxata.sys		fffff880`013ec000	fffff880`013f7000	0x0000b000	0x4ba3a3ca	19/03/2010 17:18:18						
fltmgr.sys		fffff880`014cd000	fffff880`01519000	0x0004c000	0x4ce7929c	20/11/2010 10:19:24						
fileinfo.sys		fffff880`01519000	fffff880`0152d000	0x00014000	0x4a5bc481	14/07/2009 00:34:25						
Ntfs.sys		fffff880`0162a000	fffff880`017d3000	0x001a9000	0x52e1be8a	24/01/2014 02:14:50						
msrpc.sys		fffff880`0152d000	fffff880`0158b000	0x0005e000	0x4ce79334	20/11/2010 10:21:56						
ksecdd.sys		fffff880`017d3000	fffff880`017ee000	0x0001b000	0x5348920e	12/04/2014 02:08:30						
cng.sys		fffff880`0158b000	fffff880`015fd000	0x00072000	0x50194fb7	01/08/2012 16:48:07						
pcw.sys		fffff880`017ee000	fffff880`017ff000	0x00011000	0x4a5bc0ff	14/07/2009 00:19:27						
Fs_Rec.sys		fffff880`01600000	fffff880`0160a000	0x0000a000	0x4f4eefd2	01/03/2012 04:41:06						
ndis.sys		fffff880`0185b000	fffff880`0194d000	0x000f2000	0x5034f6b2	22/08/2012 16:11:46						
NETIO.SYS		fffff880`0194d000	fffff880`019ad000	0x00060000	0x5294760d	26/11/2013 11:21:01						
ksecpkg.sys		fffff880`019ad000	fffff880`019d9000	0x0002c000	0x543c7790	14/10/2014 02:08:32						
fwpkclnt.sys		fffff880`01800000	fffff880`01849000	0x00049000	0x533f5b09	05/04/2014 02:23:21						
volsnap.sys		fffff880`01400000	fffff880`0144c000	0x0004c000	0x4ce792c8	20/11/2010 10:20:08						
spldr.sys		fffff880`01849000	fffff880`01851000	0x00008000	0x4a0858bb	11/05/2009 17:56:27						
rdyboost.sys		fffff880`0144c000	fffff880`01486000	0x0003a000	0x4ce7982e	20/11/2010 10:43:10						
mup.sys		fffff880`019d9000	fffff880`019eb000	0x00012000	0x4a5bc201	14/07/2009 00:23:45						
hwpolicy.sys		fffff880`019eb000	fffff880`019f4000	0x00009000	0x4ce7927e	20/11/2010 10:18:54						
fvevol.sys		fffff880`01486000	fffff880`014c0000	0x0003a000	0x5100a65c	24/01/2013 04:11:24						
disk.sys		fffff880`0160a000	fffff880`01620000	0x00016000	0x4a5bc11d	14/07/2009 00:19:57						
CLASSPNP.SYS		fffff880`01000000	fffff880`01030000	0x00030000	0x4ce7929b	20/11/2010 10:19:23						
dtsoftbus01.sys		fffff880`02e1e000	fffff880`02e67000	0x00049000	0x4f10358a	13/01/2012 14:45:46						
cdrom.sys		fffff880`02e67000	fffff880`02e91000	0x0002a000	0x4ce79298	20/11/2010 10:19:20						
a2dix64.sys		fffff880`02e91000	fffff880`02ea0000	0x0000f000	0x5221c6af	31/08/2013 11:34:23						
Null.SYS		fffff880`02ea0000	fffff880`02ea9000	0x00009000	0x4a5bc109	14/07/2009 00:19:37						
Beep.SYS		fffff880`02ea9000	fffff880`02eb0000	0x00007000	0x4a5bca8d	14/07/2009 01:00:13						
vga.sys		fffff880`02eb0000	fffff880`02ebe000	0x0000e000	0x4a5bc587	14/07/2009 00:38:47						
VIDEOPRT.SYS		fffff880`02ebe000	fffff880`02ee3000	0x00025000	0x4a5bc58b	14/07/2009 00:38:51						
watchdog.sys		fffff880`02ee3000	fffff880`02ef3000	0x00010000	0x4a5bc53f	14/07/2009 00:37:35						
RDPCDD.sys		fffff880`02ef3000	fffff880`02efc000	0x00009000	0x4a5bce62	14/07/2009 01:16:34						
rdpencdd.sys		fffff880`02efc000	fffff880`02f05000	0x00009000	0x4a5bce62	14/07/2009 01:16:34						
rdprefmp.sys		fffff880`02f05000	fffff880`02f0e000	0x00009000	0x4a5bce63	14/07/2009 01:16:35						
Msfs.SYS		fffff880`02f0e000	fffff880`02f19000	0x0000b000	0x4a5bc113	14/07/2009 00:19:47						
Npfs.SYS		fffff880`02f19000	fffff880`02f2a000	0x00011000	0x4a5bc114	14/07/2009 00:19:48						
tdx.sys		fffff880`02f2a000	fffff880`02f4c000	0x00022000	0x4ce79332	20/11/2010 10:21:54						
TDI.SYS		fffff880`02f4c000	fffff880`02f59000	0x0000d000	0x4ce7933e	20/11/2010 10:22:06						
fwtdi64.sys		fffff880`07063000	fffff880`07110000	0x000ad000	0x5469412a	17/11/2014 01:28:26						
afd.sys		fffff880`07110000	fffff880`07199000	0x00089000	0x5388291c	30/05/2014 07:45:48						
netbt.sys		fffff880`07199000	fffff880`071de000	0x00045000	0x4ce79386	20/11/2010 10:23:18						
wfplwf.sys		fffff880`071de000	fffff880`071e7000	0x00009000	0x4a5bccb6	14/07/2009 01:09:26						
pacer.sys		fffff880`07000000	fffff880`07026000	0x00026000	0x4ce7a862	20/11/2010 11:52:18						
vwififlt.sys		fffff880`07026000	fffff880`0703c000	0x00016000	0x4a5bcc3a	14/07/2009 01:07:22						
netbios.sys		fffff880`0703c000	fffff880`0704b000	0x0000f000	0x4a5bccb6	14/07/2009 01:09:26						
wanarp.sys		fffff880`02f59000	fffff880`02f74000	0x0001b000	0x4ce7a874	20/11/2010 11:52:36						
VBoxUSBMon.sys		fffff880`02f74000	fffff880`02f9a000	0x00026000	0x540f1c2a	09/09/2014 16:26:34						
VBoxDrv.sys		fffff880`0749e000	fffff880`07581000	0x000e3000	0x540f1cbf	09/09/2014 16:29:03						
uim_im.sys		fffff880`0768e000	fffff880`07736e00	0x000a8e00	0x52af2462	16/12/2013 17:03:46						
UimFIO.SYS		fffff880`07737000	fffff880`077bca00	0x00085a00	0x52af244a	16/12/2013 17:03:22						
uim_devim.sys		fffff880`077bd000	fffff880`077c1280	0x00004280	0x52af246d	16/12/2013 17:03:57						
UimBus.sys		fffff880`077c2000	fffff880`077dd000	0x0001b000	0x52af244e	16/12/2013 17:03:26						
termdd.sys		fffff880`077dd000	fffff880`077f1000	0x00014000	0x4ce7ab0c	20/11/2010 12:03:40						
rdbss.sys		fffff880`07600000	fffff880`07651000	0x00051000	0x4ce79497	20/11/2010 10:27:51						
nsiproxy.sys		fffff880`07651000	fffff880`0765d000	0x0000c000	0x4a5bc15e	14/07/2009 00:21:02						
mssmbios.sys		fffff880`0765d000	fffff880`07668000	0x0000b000	0x4a5bc3be	14/07/2009 00:31:10						
fwwfp764.sys		fffff880`07581000	fffff880`075e9000	0x00068000	0x54694157	17/11/2014 01:29:11						
discache.sys		fffff880`07668000	fffff880`07677000	0x0000f000	0x4a5bc52e	14/07/2009 00:37:18						
dfsc.sys		fffff880`07400000	fffff880`0741e000	0x0001e000	0x4ce79447	20/11/2010 10:26:31						
blbdrive.sys		fffff880`07677000	fffff880`07688000	0x00011000	0x4a5bc4df	14/07/2009 00:35:59						
a2util64.sys		fffff880`077f1000	fffff880`077fb000	0x0000a000	0x537059be	12/05/2014 06:18:54						
a2ddax64.sys		fffff880`0741e000	fffff880`07428000	0x0000a000	0x51396c04	08/03/2013 05:41:40						
tunnel.sys		fffff880`07428000	fffff880`0744e000	0x00026000	0x4ce7a846	20/11/2010 11:51:50						
intelppm.sys		fffff880`0744e000	fffff880`07464000	0x00016000	0x4a5bc0fd	14/07/2009 00:19:25						
atikmpag.sys		fffff880`078c7000	fffff880`07959000	0x00092000	0x5417612a	15/09/2014 22:59:06						
atikmdag.sys		fffff880`0f2c5000	fffff880`1032f000	0x0106a000	0x54176654	15/09/2014 23:21:08						
dxgkrnl.sys		fffff880`07a7b000	fffff880`07b70000	0x000f5000	0x539e411c	16/06/2014 01:58:04						
dxgmms1.sys		fffff880`07b70000	fffff880`07bb6000	0x00046000	0x5164dc13	10/04/2013 04:27:15						
HDAudBus.sys		fffff880`07bb6000	fffff880`07bda000	0x00024000	0x4ce7a65e	20/11/2010 11:43:42						
usbehci.sys		fffff880`07bda000	fffff880`07bec000	0x00012000	0x52954db7	27/11/2013 02:41:11						
USBPORT.SYS		fffff880`07a00000	fffff880`07a56000	0x00056000	0x52954db7	27/11/2013 02:41:11						
Rt64win7.sys		fffff880`07cf1000	fffff880`07dd8000	0x000e7000	0x536b4de6	08/05/2014 10:27:02						
1394ohci.sys		fffff880`07c00000	fffff880`07c3e000	0x0003e000	0x4ce7a6a8	20/11/2010 11:44:56						
nusb3xhc.sys		fffff880`07c3e000	fffff880`07c77000	0x00039000	0x4e30ab36	28/07/2011 01:20:06						
USBD.SYS		fffff880`07c77000	fffff880`07c78e80	0x00001e80	0x52954daf	27/11/2013 02:41:03						
CompositeBus.sys		fffff880`07c79000	fffff880`07c89000	0x00010000	0x4ce7a3ed	20/11/2010 11:33:17						
tbhsd.sys		fffff880`07c89000	fffff880`07c99000	0x00010000	0x50749ec6	09/10/2012 23:01:42						
portcls.sys		fffff880`07c99000	fffff880`07cd6000	0x0003d000	0x524e1b82	04/10/2013 02:36:02						
drmk.sys		fffff880`07dd8000	fffff880`07dfa000	0x00022000	0x524e24fe	04/10/2013 03:16:30						
ks.sys		fffff880`1032f000	fffff880`10372000	0x00043000	0x4ce7a3f3	20/11/2010 11:33:23						
ksthunk.sys		fffff880`07dfa000	fffff880`07dff200	0x00005200	0x4a5bca93	14/07/2009 01:00:19						
AgileVpn.sys		fffff880`07cd6000	fffff880`07cec000	0x00016000	0x4a5bccf0	14/07/2009 01:10:24						
rasl2tp.sys		fffff880`07a56000	fffff880`07a7a000	0x00024000	0x4ce7a872	20/11/2010 11:52:34						
ndistapi.sys		fffff880`07bec000	fffff880`07bf8000	0x0000c000	0x4a5bccd8	14/07/2009 01:10:00						
ndiswan.sys		fffff880`10372000	fffff880`103a1000	0x0002f000	0x4ce7a870	20/11/2010 11:52:32						
raspppoe.sys		fffff880`103a1000	fffff880`103bc000	0x0001b000	0x4a5bcce9	14/07/2009 01:10:17						
raspptp.sys		fffff880`103bc000	fffff880`103dd000	0x00021000	0x4ce7a86f	20/11/2010 11:52:31						
rassstp.sys		fffff880`103dd000	fffff880`103f7000	0x0001a000	0x4a5bccf1	14/07/2009 01:10:25						
teamviewervpn.sys		fffff880`0f200000	fffff880`0f20d000	0x0000d000	0x4760f9c1	13/12/2007 10:22:09						
tap0901.sys		fffff880`0f20d000	fffff880`0f21a000	0x0000d000	0x521606a1	22/08/2013 13:40:01						
VBoxNetAdp.sys		fffff880`0f21a000	fffff880`0f242000	0x00028000	0x540f1c2a	09/09/2014 16:26:34						
fwndis64.sys		fffff880`0f242000	fffff880`0f2ba000	0x00078000	0x54694135	17/11/2014 01:28:37						
kbdclass.sys		fffff880`0798f000	fffff880`0799e000	0x0000f000	0x4a5bc116	14/07/2009 00:19:50						
mouclass.sys		fffff880`0799e000	fffff880`079ad000	0x0000f000	0x4a5bc116	14/07/2009 00:19:50						
VBoxNetFlt.sys		fffff880`079ad000	fffff880`079d8000	0x0002b000	0x540f1c2a	09/09/2014 16:26:34						
swenum.sys		fffff880`07cec000	fffff880`07ced480	0x00001480	0x4a5bca92	14/07/2009 01:00:18						
umbus.sys		fffff880`079d8000	fffff880`079ea000	0x00012000	0x4ce7a695	20/11/2010 11:44:37						
usbhub.sys		fffff880`07800000	fffff880`0785a000	0x0005a000	0x52954dd0	27/11/2013 02:41:36						
NDProxy.SYS		fffff880`0785a000	fffff880`0786f000	0x00015000	0x4ce7a864	20/11/2010 11:52:20						
AtihdW76.sys		fffff880`0786f000	fffff880`0788a000	0x0001b000	0x53a63ff9	22/06/2014 03:31:21						
RTKVHD64.sys		fffff880`09223000	fffff880`095e6e80	0x003c3e80	0x5368e03d	06/05/2014 14:14:37						
nusb3hub.sys		fffff880`09200000	fffff880`0921c000	0x0001c000	0x4e30ab34	28/07/2011 01:20:04						
usbccgp.sys		fffff880`0788a000	fffff880`078a7000	0x0001d000	0x52954dbb	27/11/2013 02:41:15						
hidusb.sys		fffff880`095e7000	fffff880`095f5000	0x0000e000	0x4ce7a665	20/11/2010 11:43:49						
HIDCLASS.SYS		fffff880`078a7000	fffff880`078c0000	0x00019000	0x51d3a2f1	03/07/2013 05:05:05						
HIDPARSE.SYS		fffff880`095f5000	fffff880`095fd080	0x00008080	0x51d3a2f0	03/07/2013 05:05:04						
kbdhid.sys		fffff880`07959000	fffff880`07967000	0x0000e000	0x4ce7a3f5	20/11/2010 11:33:25						
mouhid.sys		fffff880`07967000	fffff880`07974000	0x0000d000	0x4a5bca94	14/07/2009 01:00:20						
USBSTOR.SYS		fffff880`07974000	fffff880`0798f000	0x0001b000	0x4d79a6fc	11/03/2011 05:37:16						
crashdmp.sys		fffff880`079ea000	fffff880`079f8000	0x0000e000	0x4a5bcabd	14/07/2009 01:01:01						
dump_iaStor.sys		fffff880`0205e000	fffff880`02400000	0x003a2000	0x4dd69c48	20/05/2011 17:52:24						
dump_dumpfve.sys		fffff880`02000000	fffff880`02013000	0x00013000	0x4a5bc18f	14/07/2009 00:21:51						
win32k.sys		fffff960`000c0000	fffff960`003e2000	0x00322000	0x00000000							
Dxapi.sys		fffff880`02013000	fffff880`0201f000	0x0000c000	0x4a5bc574	14/07/2009 00:38:28						
monitor.sys		fffff880`0201f000	fffff880`0202d000	0x0000e000	0x4a5bc58c	14/07/2009 00:38:52						
TSDDD.dll		fffff960`00420000	fffff960`0042a000	0x0000a000	0x00000000							
cdd.dll		fffff960`006d0000	fffff960`006f7000	0x00027000	0x00000000							
luafv.sys		fffff880`0202d000	fffff880`02050000	0x00023000	0x4a5bc295	14/07/2009 00:26:13						
ATMFD.DLL		fffff960`00810000	fffff960`00871000	0x00061000	0x00000000		Adobe Type Manager	Windows NT OpenType/Type 1 Font Driver	5.1 Build 238	Adobe Systems Incorporated	C:\Windows\system32\ATMFD.DLL	
lltdio.sys		fffff880`07464000	fffff880`07479000	0x00015000	0x4a5bcc92	14/07/2009 01:08:50						
nwifi.sys		fffff880`02f9a000	fffff880`02fed000	0x00053000	0x4a5bcc3b	14/07/2009 01:07:23						
ndisuio.sys		fffff880`07479000	fffff880`0748c000	0x00013000	0x4ce7a7e0	20/11/2010 11:50:08						
rspndr.sys		fffff880`0704b000	fffff880`07063000	0x00018000	0x4a5bcc92	14/07/2009 01:08:50						
HTTP.sys		fffff880`0644d000	fffff880`06516000	0x000c9000	0x4ce793ce	20/11/2010 10:24:30						
bowser.sys		fffff880`06516000	fffff880`06534000	0x0001e000	0x4d649328	23/02/2011 05:55:04						
mpsdrv.sys		fffff880`06534000	fffff880`0654c000	0x00018000	0x4a5bcc79	14/07/2009 01:08:25						
mrxsmb.sys		fffff880`0654c000	fffff880`06579000	0x0002d000	0x4db78226	27/04/2011 03:40:38						
mrxsmb10.sys		fffff880`06579000	fffff880`065c7000	0x0004e000	0x4e17c104	09/07/2011 03:46:28						
mrxsmb20.sys		fffff880`065c7000	fffff880`065eb000	0x00024000	0x4db781e9	27/04/2011 03:39:37						
ntk_PowerDVD12_64.sys		fffff880`06400000	fffff880`06424000	0x00024000	0x4dcbd2e0	12/05/2011 13:30:24						
peauth.sys		fffff880`08c07000	fffff880`08cad000	0x000a6000	0x4a5bd8df	14/07/2009 02:01:19						
secdrv.SYS		fffff880`08cad000	fffff880`08cb8000	0x0000b000	0x4508052e	13/09/2006 14:18:38						
srvnet.sys		fffff880`08cb8000	fffff880`08ce9000	0x00031000	0x4dba2aff	29/04/2011 04:05:35						
spsys.sys		fffff880`08ce9000	fffff880`08d5a000	0x00071000	0x4a085e7a	11/05/2009 18:20:58						
tcpipreg.sys		fffff880`08d5a000	fffff880`08d6c000	0x00012000	0x506c62be	03/10/2012 17:07:26						
000.fcl		fffff880`08d6c000	fffff880`08d97000	0x0002b000	0x48dcdf7a	26/09/2008 14:11:22						
srv2.sys		fffff880`08d97000	fffff880`08e00000	0x00069000	0x4dba2b0a	29/04/2011 04:05:46						
srv.sys		fffff880`0a874000	fffff880`0a90c000	0x00098000	0x4dba2b1e	29/04/2011 04:06:06						
cleanhlp64.sys		fffff880`0a90c000	fffff880`0a91d000	0x00011000	0x52495785	30/09/2013 11:50:45						
WudfPf.sys		fffff880`0a91d000	fffff880`0a936000	0x00019000	0x5010aae5	26/07/2012 03:26:45						
a2accx64.sys		fffff880`0a936000	fffff880`0a94b000	0x00015000	0x536c7e7e	09/05/2014 08:06:38						
WUDFRd.sys		fffff880`0a94b000	fffff880`0a981000	0x00036000	0x5010aabe	26/07/2012 03:26:06
         
Code:
ATTFilter
==================================================
Dump File         : 120514-23166-01.dmp
Crash Time        : 05/12/2014 19:58:06
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`032c8c3f
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+27fb4
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\120514-23166-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274.888
Dump File Time    : 05/12/2014 19:59:36
==================================================
         
Also richtet die Mail keinen größeren Schaden an auch wenn sie am Rechner ist?

Ich hoffe das richtige ist bei dabei, war mir unsicher welches gemeint ist
__________________
MfG
BeRealm

Alt 07.12.2014, 21:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



naja, solange du den Anhang nicht öffnest und ausführst macht die Mail gar nix.

Poste mal bitte ein frisches FRST Log. Und:


Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.12.2014, 23:11   #9
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by nobody (administrator) on nobody-PC on 07-12-2014 22:59:17
Running from C:\Users\nobody\Downloads
Loaded Profile: nobody (Available profiles: nobody & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Farbar) C:\Users\nobody\Downloads\MiniToolBox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4954576 2014-12-02] (Emsisoft GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-4215263498-307554076-952119999-1000\...\MountPoints2: {af3d3d76-c40b-11e1-a69c-6c626d71b5ac} - K:\setup.exe -a
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
IFEO\taskmgr.exe: [Debugger] "C:\USERS\nobody\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4215263498-307554076-952119999-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-4215263498-307554076-952119999-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKU\S-1-5-21-4215263498-307554076-952119999-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4215263498-307554076-952119999-1000 -> {D4B784BE-9D95-493C-9913-1CBFF80823C3} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=048098F7-35A8-4F01-AB9A-F8571793D74C&apn_sauid=DA1A58EF-DF01-4BE1-9D62-CFCB57AEADB1&
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334
FF Homepage: https://www.ixquick.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-4215263498-307554076-952119999-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\user.js
FF Extension: Bloody Vikings! - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\bloodyvikings@ffs.bplaced.net.xpi [2014-08-12]
FF Extension: CanvasBlocker - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\CanvasBlocker@kkapsner.de.xpi [2014-12-01]
FF Extension: Ghostery - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\firefox@ghostery.com.xpi [2014-07-17]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-07-17]
FF Extension: Flagfox - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-17]
FF Extension: NoScript - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-17]
FF Extension: Adblock Plus - C:\Users\nobody\AppData\Roaming\Mozilla\Firefox\Profiles\osojicxh.default-1405634837334\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-17]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-11-11]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw

Chrome: 
=======
CHR Profile: C:\Users\nobody\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-25] (EasyAntiCheat Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-04] (DT Soft Ltd)
R1 EfwTdiFlt; C:\Program Files (x86)\Emsisoft Internet Security\fwtdi64.sys [705360 2014-12-02] ()
R3 fwndis; C:\Windows\System32\DRIVERS\fwndis64.sys [484952 2014-12-02] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414424 2014-12-02] ()
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-04-09] (Razer Inc)
S3 SKYNETU2C; C:\Windows\System32\DRIVERS\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-05] ()
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pmem; \??\C:\Users\nobody\AppData\Local\Temp\_MEI59442\drivers\winpmem64.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 22:59 - 2014-12-07 22:59 - 00000000 ____D () C:\Users\nobody\Downloads\FRST-OlderVersion
2014-12-07 22:58 - 2014-12-07 22:58 - 00401920 _____ (Farbar) C:\Users\nobody\Downloads\MiniToolBox.exe
2014-12-07 00:02 - 2014-12-07 00:02 - 00001868 _____ () C:\Users\nobody\Documents\dump.txt
2014-12-07 00:01 - 2014-12-07 00:01 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-12-07 00:01 - 2014-12-07 00:01 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-12-07 00:00 - 2014-12-07 00:01 - 00141480 _____ () C:\Users\nobody\Downloads\bluescreenview_152setup.exe
2014-12-05 20:36 - 2014-12-05 20:36 - 00002258 _____ () C:\Windows\PFRO.log
2014-12-05 20:02 - 2014-12-07 20:57 - 00086870 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 19:59 - 2014-12-05 19:59 - 529936009 _____ () C:\Windows\MEMORY.DMP
2014-12-05 19:59 - 2014-12-05 19:59 - 00274888 _____ () C:\Windows\Minidump\120514-23166-01.dmp
2014-12-05 19:56 - 2014-12-07 20:28 - 00000504 _____ () C:\Windows\setupact.log
2014-12-05 19:56 - 2014-12-05 19:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-04 15:55 - 2014-12-04 15:55 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\nobody\Downloads\tdsskiller.exe
2014-12-03 23:32 - 2014-12-07 22:59 - 00021421 _____ () C:\Users\nobody\Downloads\FRST.txt
2014-12-03 23:32 - 2014-12-03 23:33 - 00039721 _____ () C:\Users\nobody\Downloads\Addition.txt
2014-12-03 23:31 - 2014-12-07 22:59 - 02119680 _____ (Farbar) C:\Users\nobody\Downloads\FRST64.exe
2014-12-03 23:27 - 2014-12-03 23:27 - 00015362 _____ () C:\Users\nobody\Documents\cc_20141203_232727.reg
2014-12-03 21:58 - 2014-12-05 01:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-25 19:27 - 2014-11-25 19:27 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\.mono
2014-11-25 19:24 - 2014-11-25 19:21 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-11-18 21:47 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:47 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:47 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:47 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-11 19:13 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:13 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:13 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:13 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:13 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:13 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:13 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:13 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:13 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:12 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:12 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:12 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:12 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:12 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:12 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:12 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:12 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:12 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:12 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:12 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:12 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:12 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:12 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:12 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:12 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:12 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:12 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:12 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:12 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:12 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:12 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:12 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:12 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:12 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:12 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:12 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:12 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:12 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:12 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:12 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:12 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:12 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:12 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:12 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:12 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:12 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:12 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:12 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:12 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:12 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:12 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:12 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:12 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:12 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:12 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:12 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:12 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:12 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:12 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:12 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:12 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:12 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:12 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:12 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:12 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:12 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:12 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:12 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:12 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:12 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:12 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:11 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:11 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:11 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:11 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:11 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:11 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:05 - 2014-11-11 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 13:54 - 2014-11-08 19:25 - 00000000 ____D () C:\Users\nobody\Downloads\VA-Reggae_Charts_Top_25_vom_06-11-2014-NoGroup
2014-11-09 13:53 - 2014-11-08 19:07 - 00000000 ____D () C:\Users\nobody\Downloads\Party_Schlager_Charts_Top_60-(KW-45-2014)-2014-NoGroup
2014-11-09 13:53 - 2014-11-07 19:41 - 00000000 ____D () C:\Users\nobody\Downloads\German_TOP50_ODC_10_11_2014-MCG
2014-11-08 18:40 - 2014-11-07 22:08 - 718073627 _____ () C:\Users\nobody\Downloads\pl-dracula.webrip.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 23:00 - 2013-07-21 15:20 - 00167192 _____ () C:\Users\nobody\Network_Meter_Data.js
2014-12-07 22:59 - 2014-09-08 17:20 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2014-12-07 22:59 - 2014-07-23 10:53 - 00000000 ____D () C:\FRST
2014-12-07 22:58 - 2012-06-15 14:25 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\Skype
2014-12-07 20:34 - 2009-07-14 05:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 20:34 - 2009-07-14 05:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 20:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 16:55 - 2013-07-21 22:06 - 00000028 _____ () C:\Users\nobody\AppData\Roaming\Network Meter_Usage.ini
2014-12-07 07:27 - 2014-08-16 00:19 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\OBS
2014-12-07 01:49 - 2012-06-15 15:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-07 00:09 - 2013-10-30 21:10 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\Guild Wars 2
2014-12-07 00:08 - 2012-08-23 15:46 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-12-05 20:44 - 2013-07-21 17:36 - 00001034 _____ () C:\Users\nobody\AppData\Roaming\Network Meter_Settings.ini
2014-12-05 20:43 - 2014-09-28 21:09 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-05 20:41 - 2013-01-17 14:03 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\NetSpeedMonitor
2014-12-05 20:21 - 2013-11-19 14:25 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-05 20:21 - 2012-12-15 04:58 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-05 20:11 - 2012-10-21 12:25 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\Dropbox
2014-12-05 20:09 - 2014-11-04 01:07 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\DVDVideoSoft
2014-12-05 20:06 - 2012-06-15 11:17 - 00000000 ____D () C:\Users\nobody
2014-12-05 20:05 - 2014-09-28 22:42 - 00000000 ____D () C:\Medion
2014-12-05 19:59 - 2012-06-16 16:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-05 18:07 - 2014-08-19 18:23 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\foobar2000
2014-12-03 23:10 - 2012-09-03 12:31 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\TS3Client
2014-12-02 19:34 - 2014-09-08 17:20 - 00484952 _____ () C:\Windows\system32\Drivers\fwndis64.sys
2014-12-01 23:22 - 2013-06-06 11:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 18:07 - 2013-06-06 11:55 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-01 18:06 - 2012-06-15 13:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 18:06 - 2011-11-17 22:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 00:36 - 2014-06-26 22:53 - 00000600 _____ () C:\Users\nobody\AppData\Local\PUTTY.RND
2014-11-24 13:59 - 2014-08-16 00:19 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-11-15 21:19 - 2011-03-11 10:20 - 00689118 _____ () C:\Windows\system32\perfh007.dat
2014-11-15 21:19 - 2011-03-11 10:20 - 00146450 _____ () C:\Windows\system32\perfc007.dat
2014-11-15 21:19 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 15:33 - 2014-10-22 16:26 - 00002244 ____H () C:\Users\nobody\Documents\Default.rdp
2014-11-14 19:46 - 2014-01-09 16:31 - 00000000 ____D () C:\Users\nobody\AppData\Local\Downloaded Installations
2014-11-14 19:16 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-11-13 19:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 18:50 - 2013-10-07 22:12 - 00000000 ____D () C:\Users\nobody\AppData\Roaming\vlc
2014-11-11 21:12 - 2012-06-15 11:18 - 00167360 _____ () C:\Users\nobody\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-11 21:10 - 2009-07-14 05:45 - 00547424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 20:48 - 2013-07-16 17:40 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-11 20:20 - 2012-06-15 12:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 20:16 - 2013-07-29 23:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 20:14 - 2011-03-14 15:08 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 15:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\Users\nobody\Network_Meter_Data.js
C:\Users\nobody\ProcExp.exe


Some content of TEMP:
====================
C:\Users\nobody\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsil56s.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 17:37

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
MiniToolBox by Farbar  Version: 30-11-2014
Ran by nobody (administrator) on 07-12-2014 at 23:02:30
Running from "C:\Users\nobody\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 

"network.proxy.autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('.brightcove.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
"network.proxy.no_proxies_on", "localhost, 127.0.0.1, stealthy.co"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = LAN-Verbindung (Connected)
TeamViewer VPN Adapter = LAN-Verbindung 4 (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : nobody-PC
   Prim�res DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein

Ethernet-Adapter LAN-Verbindung 4:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : TeamViewer VPN Adapter
   Physikalische Adresse . . . . . . : 00-FF-E9-B7-5C-D2
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter LAN-Verbindung:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physikalische Adresse . . . . . . : 6C-62-6D-71-B5-AC
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::c5da:fd36:fbed:58d4%11(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.1.2(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : 07 Dezember 2014 20:28:52
   Lease l�uft ab. . . . . . . . . . : 08 Dezember 2014 20:28:52
   Standardgateway . . . . . . . . . : 192.168.1.1
   DHCP-Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6-IAID . . . . . . . . . . . : 255877510
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-17-6D-3F-81-6C-62-6D-71-B5-AC
   DNS-Server  . . . . . . . . . . . : fd00::c225:6ff:fead:5066
                                       192.168.1.1
   NetBIOS �ber TCP/IP . . . . . . . : Aktiviert

Tunneladapter Teredo Tunneling Pseudo-Interface:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6abd:10bf:1730:7d4b:cb71(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::10bf:1730:7d4b:cb71%24(Bevorzugt) 
   Standardgateway . . . . . . . . . : ::
   NetBIOS �ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.{1C4C5172-2EC8-448A-A046-B44DFEB0304B}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #3
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{E9B75CD2-ED45-4CB1-8569-A503FB955164}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #4
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fd00::c225:6ff:fead:5066

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Ping wird ausgef�hrt f�r google.com [173.194.116.200] mit 32 Bytes Daten:
Allgemeiner Fehler.
Allgemeiner Fehler.

Ping-Statistik f�r 173.194.116.200:
    Pakete: Gesendet = 2, Empfangen = 0, Verloren = 2
    (100% Verlust),
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fd00::c225:6ff:fead:5066

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Ping wird ausgef�hrt f�r yahoo.com [98.138.253.109] mit 32 Bytes Daten:
Allgemeiner Fehler.
Allgemeiner Fehler.

Ping-Statistik f�r 98.138.253.109:
    Pakete: Gesendet = 2, Empfangen = 0, Verloren = 2
    (100% Verlust),

Ping wird ausgef�hrt f�r 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik f�r 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 22...00 ff e9 b7 5c d2 ......TeamViewer VPN Adapter
 11...6c 62 6d 71 b5 ac ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #3
 21...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #4
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     10
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
      169.254.0.0      255.255.0.0   Auf Verbindung       192.168.1.2    306
  169.254.255.255  255.255.255.255   Auf Verbindung       192.168.1.2    266
      192.168.1.0    255.255.255.0   Auf Verbindung       192.168.1.2    266
      192.168.1.2  255.255.255.255   Auf Verbindung       192.168.1.2    266
    192.168.1.255  255.255.255.255   Auf Verbindung       192.168.1.2    266
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.1.2    266
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.1.2    266
===========================================================================
St�ndige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
 24     58 ::/0                     Auf Verbindung
  1    306 ::1/128                  Auf Verbindung
 24     58 2001::/32                Auf Verbindung
 24    306 2001:0:9d38:6abd:10bf:1730:7d4b:cb71/128
                                    Auf Verbindung
 11    266 fe80::/64                Auf Verbindung
 24    306 fe80::/64                Auf Verbindung
 24    306 fe80::10bf:1730:7d4b:cb71/128
                                    Auf Verbindung
 11    266 fe80::c5da:fd36:fbed:58d4/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
 24    306 ff00::/8                 Auf Verbindung
 11    266 ff00::/8                 Auf Verbindung
===========================================================================
St�ndige Routen:
  Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/05/2014 08:02:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fee1cedee0
ID des fehlerhaften Prozesses: 0xc64
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3

Error: (12/05/2014 08:02:51 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FEE1CEDEE0
Stapel:

Error: (12/02/2014 00:39:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0xf8c
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C32A) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service) (User: )
Description: Lizenzerwerb-Fehlerdetails. 
hr=0xC004C32A

Error: (11/25/2014 05:28:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: a2start.exe, Version: 9.0.0.4570, Zeitstempel: 0x543c0095
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037017
ID des fehlerhaften Prozesses: 0x10a8
Startzeit der fehlerhaften Anwendung: 0xa2start.exe0
Pfad der fehlerhaften Anwendung: a2start.exe1
Pfad des fehlerhaften Moduls: a2start.exe2
Berichtskennung: a2start.exe3

Error: (11/24/2014 03:25:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x153c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/24/2014 03:25:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a37
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x74cf4f11
ID des fehlerhaften Prozesses: 0x14b0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/22/2014 01:30:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x111c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (11/21/2014 01:26:14 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (12/07/2014 11:00:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:50:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:40:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:30:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:20:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:10:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 10:00:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 09:50:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 09:40:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 09:30:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (12/05/2014 08:02:51 PM) (Source: Application Error)(User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee1cedee0c6401d010bdd16821ddC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeamdmantle64.dll4f39c969-7cb1-11e4-bbd5-c0ce23fdb765

Error: (12/05/2014 08:02:51 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FEE1CEDEE0
Stapel:

Error: (12/02/2014 00:39:18 AM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76f8c01d00db7c6c3a69aC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.119\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.119\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll43e85891-79b3-11e4-a1cc-eeb433feb861

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C32A66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/25/2014 08:18:25 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C32A00010001(0x00000000, 20:18:25:213 - http://go.microsoft.com/fwlink/?LinkId=151642)
00020001(0x00000000, 20:18:25:213)
00030001(0x00000000, 20:18:25:213 - http://go.microsoft.com)
00030002(0x00000000, 20:18:25:213 - 1)
00020005(0x00000000, 20:18:25:213 - 0)
0002000C(0x00000000, 20:18:25:373 - 302)
0002000E(0x00000000, 20:18:25:373 - https://validation.sls.microsoft.com/SLWGA/slwga.asmx)
00020001(0x00000000, 20:18:25:373)
00030001(0x00000000, 20:18:25:373 - https://validation.sls.microsoft.com)
00030002(0x00000000, 20:18:25:373 - 1)
00020005(0x00000000, 20:18:25:373 - 0)
0002000C(0x00000000, 20:18:25:753 - 500)
00010002(0x8004FC01, 20:18:25:753 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C32A</HRESULT><Messages><Message>553 (Validation) - [VGA: Required parameter not found in offline XML blob.  ---&gt; Parameter not found in offline XML blob - [Win7BootSectorMustExist]]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:18:25:753)

Error: (11/25/2014 05:28:07 PM) (Source: Application Error)(User: )
Description: a2start.exe9.0.0.4570543c0095KERNELBASE.dll6.1.7601.1840953159a86c00000050003701710a801d008c1db4a4960C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exeC:\Windows\syswow64\KERNELBASE.dll091030fd-74c0-11e4-b19e-87e3ea20ac6f

Error: (11/24/2014 03:25:39 PM) (Source: Application Error)(User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425153c01d007f05cd3d441C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc3197b00-73e5-11e4-babf-d085a9d8476e

Error: (11/24/2014 03:25:35 PM) (Source: Application Error)(User: )
Description: firefox.exe33.1.0.5423545c0a37unknown0.0.0.000000000c000041d74cf4f1114b001d007f055636082C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownc07d2503-73e5-11e4-babf-d085a9d8476e

Error: (11/22/2014 01:30:36 PM) (Source: Application Error)(User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4111c01d00650181b4e1aC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll5b96ba22-7243-11e4-b767-92236b79a47f

Error: (11/21/2014 01:26:14 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\nobody\AppData\Local\Temp\_MEI59442\detekt.exe.manifest


CodeIntegrity Errors:
===================================
  Date: 2014-03-24 23:51:56.489
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:51:56.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:51:56.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.979
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.807
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.620
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.386
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.214
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:33:00.043
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-24 23:19:28.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{047904BA-C065-40D5-969A-C7D91CA93D62}) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11013 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61013.1636 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1312.54 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E48DACEA-5789-4CC5-8584-2E268C560131}) (Version:  - Microsoft)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotograf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden
Gothic 3 Enhanced Edition (HKLM-x32\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Götterdämmerung Enhanced Edition (HKLM-x32\...\{6890095D-D7FE-465A-9B1D-BE605B1F5FD9}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Modkit v1.75.12 (HKLM-x32\...\{420DA6C7-EE34-4468-AE16-87205B7D24EF}_is1) (Version: v1.75.12 - Nordic Games GmbH)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.1 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta uslugi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{153CD843-3EDC-412C-95B1-F36237DF8415}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{60C9499F-B532-4206-AB19-F88C3A7684D5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{521F54B6-E2E5-462D-946E-8161830DDF18}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{F6EBBA16-FD92-4B34-9703-2B326FF7F364}) (Version: 21.01.8499 - Buhl Data Service GmbH)
S?????? f?t???af??? (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 6135.11 MB
Available physical RAM: 3601.83 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 9088.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.39 MB

========================= Partitions: =====================================

1 Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:337.82 GB) NTFS
2 Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.01 GB) NTFS
4 Drive f: (Festplatte) (Fixed) (Total:465.76 GB) (Free:175.11 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\nobody-PC

Administrator            Gast                     nobody                     
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
         
__________________
MfG
BeRealm

Alt 08.12.2014, 20:25   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



FRST öffnen, in das Suchfeld folgendes eintippen:

tcpip.*

und Search klicken. Bitte poste die Search.txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.12.2014, 23:35   #11
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Code:
ATTFilter
Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by nobody at 2014-12-08 23:33:04
Running from C:\Users\nobody\Downloads
Boot Mode: Normal

================== Search Files: "tcpip.*" =============

C:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_de-de_2327f9833f998849\tcpip.sys.mui
[2011-03-11 10:19][2011-03-11 10:19] 0051712 ____A (Microsoft Corporation) 89242DCFD98AF214ABE76A73C166C559 [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_9e277fcfd3015691\tcpip.mof
[2009-06-10 22:15][2009-06-10 22:15] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed]

C:\Windows\winsxs\amd64_server-help-chm.tcpip.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d89bb1ccde5d19ec\tcpip.CHM
[2011-03-11 10:19][2011-03-11 10:19] 0032962 ____A () 775B859F19336E188A6B742F0AA9C1F3 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f469506f7f6f97f\tcpip.sys.mui
[2011-03-11 10:19][2011-03-11 10:19] 0051712 ____A (Microsoft Corporation) 889616C5B0241E04271A32BCBADA5F3C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_93d2d57d9ea09496\tcpip.mof
[2009-06-10 21:31][2009-06-10 21:31] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2014-06-11 11:35][2014-04-05 03:37] 1897408 ____A (Microsoft Corporation) 4F80944B03112F486212DC20BE166079 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2014-01-16 23:15][2013-11-26 12:34] 1897408 ____A (Microsoft Corporation) F55B41AA6114568AC558ADBABDA85620 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2013-10-10 11:35][2013-09-07 03:27] 1896896 ____A (Microsoft Corporation) 75F9106B74585D38C8FF6BB5CAD262D7 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013-08-15 10:23][2013-07-06 06:20] 1900992 ____A (Microsoft Corporation) B27F13153343BC37A27EAE01634D94E1 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013-06-12 20:01][2013-05-08 07:14] 1900392 ____A (Microsoft Corporation) 3E94650745D4DAB67E161F5F32CEA597 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2013-02-14 10:06][2013-01-04 06:47] 1901416 ____A (Microsoft Corporation) B8C1AAC0523E1C33AEB0EF7572144BA2 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012-11-14 10:10][2012-10-03 18:44] 1902472 ____A (Microsoft Corporation) D5707FC2300AA5B04B7BFE86D40C0133 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012-09-12 07:04][2012-08-22 19:06] 1901936 ____A (Microsoft Corporation) 7880A26B7D3B96FDA8EFD9F985036B1D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012-06-15 11:43][2012-03-30 11:26] 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2011-11-17 23:19][2011-09-29 18:41] 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011-09-01 21:00][2011-06-21 07:20] 1914752 ____A (Microsoft Corporation) A0EB71E0DC047C7CC95CD6AB4036296E [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011-06-21 15:30][2011-04-25 07:16] 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2014-06-11 11:35][2014-04-05 03:47] 1903552 ____A (Microsoft Corporation) 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2013-10-10 11:35][2013-09-08 03:30] 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013-08-15 10:23][2013-07-06 07:03] 1910208 ____A (Microsoft Corporation) DB74544B75566C974815E79A62433F29 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2013-06-12 20:01][2013-05-08 07:39] 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013-02-14 10:06][2013-01-03 07:00] 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2012-11-14 10:10][2012-10-03 18:56] 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2012-09-12 07:04][2012-08-22 19:12] 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2012-06-15 11:43][2012-03-30 12:35] 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[2011-11-17 23:19][2011-09-29 17:29] 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011-09-01 21:00][2011-06-21 07:34] 1923968 ____A (Microsoft Corporation) F0E98C00A09FDF791525829A1D14240F [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011-06-21 15:30][2011-04-25 06:33] 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010-11-21 04:24][2010-11-21 04:24] 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7601.22124_none_91ae30e0b7c1437b\tcpip.admx
[2012-11-14 10:10][2012-09-03 11:53] 0010642 ____A () 72642743589B9BE7FDF70413243BA2A7 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7601.17964_none_90f97c439ec3e033\tcpip.admx
[2012-11-14 10:10][2012-09-03 11:59] 0010642 ____A () 72642743589B9BE7FDF70413243BA2A7 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7600.16385_none_8efe707fa1acdc48\tcpip.admx
[2009-06-10 21:49][2009-06-10 21:49] 0010059 ____A () AFEE9E69CA601B21AEAA5C1FD21F5A52 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.1.7601.22124_de-de_8cbbcaae4eb383e9\tcpip.adml
[2012-11-14 10:10][2012-10-03 18:31] 0015867 ____A () 327B41387C2D97D8E6153C03B600D0E8 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.1.7601.17964_de-de_8c07161135b620a1\tcpip.adml
[2012-11-14 10:10][2012-10-03 18:53] 0015867 ____A () 327B41387C2D97D8E6153C03B600D0E8 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8a0c0a4d389f1cb6\tcpip.adml
[2011-03-11 10:19][2011-03-11 10:19] 0015014 ____A () 7A15C818C14CE5FB97CC579D46FF7FF0 [File is signed]

C:\Windows\SysWOW64\wbem\tcpip.mof
[2009-06-10 22:15][2009-06-10 22:15] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed]

C:\Windows\SysWOW64\drivers\de-DE\tcpip.sys.mui
[2011-03-11 10:19][2011-03-11 10:19] 0051712 ____A (Microsoft Corporation) 89242DCFD98AF214ABE76A73C166C559 [File is signed]

C:\Windows\System32\wbem\tcpip.mof
[2009-06-10 21:31][2009-06-10 21:31] 0003066 ____A () EEC4A068DE477651214F6C8014ECBEC0 [File is signed]

C:\Windows\System32\drivers\tcpip.sys
[2014-06-11 11:35][2014-04-05 03:47] 1903552 ____A (Microsoft Corporation) 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E [File is signed]

C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2011-03-11 10:19][2011-03-11 10:19] 0051712 ____A (Microsoft Corporation) 889616C5B0241E04271A32BCBADA5F3C [File is signed]

C:\Windows\Help\mui\0407\tcpip.CHM
[2011-03-11 10:19][2011-03-11 10:19] 0032962 ____A () 775B859F19336E188A6B742F0AA9C1F3 [File is signed]

====== End Of Search ======
         
__________________
MfG
BeRealm

Alt 09.12.2014, 16:31   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Erneuere bitte mal die LAN Treiber.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.12.2014, 20:22   #13
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Ich habe versucht über den Geräte-Manager die Treiber des Netzwerkadapters zu aktualisieren. Wenn ich dann die Treiber online aktualisieren will sagt er mir das die Treiber aktuell sind
__________________
MfG
BeRealm

Alt 10.12.2014, 15:27   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund



Herstellerseite aufsuchen, Treiber neu laden und dann installieren.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.12.2014, 02:36   #15
BeRealm
 
Thunderbird Trojaner Fund - Standard

Thunderbird Trojaner Fund





Hab ich gemacht
__________________
MfG
BeRealm

Antwort

Themen zu Thunderbird Trojaner Fund
bluescreen 0x0000000a, cyberghost, dvdvideosoft ltd., einstellungen, fehlercode 0x80000003, fehlercode 0xc0000005, fehlercode 0xc000041d, fehlercode windows, festplatte, folgendes, internet, launch, mediendateien, memory.dmp, november, rechnung, required, rootkits, security, speicher, thunderbird, tracker, trojan.generickd.1992899, trojaner, vermeide, vikings



Ähnliche Themen: Thunderbird Trojaner Fund


  1. 4 Trojaner in Thunderbird erkannt (durch Avira)
    Log-Analyse und Auswertung - 30.05.2015 (11)
  2. Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2015 (17)
  3. Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF
    Log-Analyse und Auswertung - 23.01.2015 (21)
  4. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  5. Trojaner TR/Bublik - Computer total langsam - speziell Opera & Thunderbird bleiben hängen und laden nichtmehr
    Log-Analyse und Auswertung - 08.03.2013 (1)
  6. Trojaner Generic laut AVG in Thunderbird...AppData...Inbox
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (29)
  7. Trojaner: Delf.ADHU in Thunderbird/Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (9)
  8. verschlüsselte Dateien durch Trojaner - auch Adressbuch in Thunderbird defekt
    Log-Analyse und Auswertung - 17.06.2012 (3)
  9. FUD Trojaner via Thunderbird eingefangen ?
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (5)
  10. Thunderbird Emailkonten ausgehebelt - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (7)
  11. Trojaner Fund !
    Plagegeister aller Art und deren Bekämpfung - 23.08.2010 (24)
  12. dnschanger, fakealert, kein Fund mit G data, Fund mit antimalwarebytes
    Log-Analyse und Auswertung - 07.06.2010 (11)
  13. Virus? Wurm? Trojaner? Problem mit Thunderbird, zudem ist mein Computer langsam
    Plagegeister aller Art und deren Bekämpfung - 23.05.2010 (1)
  14. Thunderbird-Identitäten in Thunderbird importieren?!
    Alles rund um Windows - 20.11.2006 (2)
  15. Trojaner Fund
    Plagegeister aller Art und deren Bekämpfung - 20.02.2005 (3)
  16. Trojaner in Inbox von Thunderbird
    Plagegeister aller Art und deren Bekämpfung - 26.11.2004 (2)
  17. Trojaner Fund
    Plagegeister aller Art und deren Bekämpfung - 06.10.2003 (1)

Zum Thema Thunderbird Trojaner Fund - Hallo liebes T-B, habe heute einen Scan mit Emsisoft gemacht un der hat folgendes gefunden Code: Alles auswählen Aufklappen ATTFilter Emsisoft Internet Security - Version 9.0 Letztes Update: 03/12/2014 19:32:50 - Thunderbird Trojaner Fund...
Archiv
Du betrachtest: Thunderbird Trojaner Fund auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.