
Log analysis and evaluation: Caught a virus while installing Adobe Flash Player...

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.03.2015, 10:31   #1
Kermit1973
 

Caught a virus while installing Adobe Flash Player...



Dear Trojaner-Board team,

Unfortunately, my wife caught a virus yesterday while updating/reinstalling Adobe Flash Player. Alongside Flash Player, a number of other programs were suddenly installed, such as Virus Total Scanner, Air Globe, Opera (and others that I can no longer remember). I uninstalled the programs and ran Malwarebytes. I am attaching that log at the end, after the other logs. In addition, Avast prompted me to run a boot-time scan because of a rootkit. I ran it, but nothing was found. However, all the old logs in Avast have disappeared, except for this new boot-time scan.
Also, since the incident a warning message from Acer?? keeps popping up: "Please download latest version of flash player" (for the message, see the attachment). It surprises me a bit that this message appears right now, although the computer is 5 years old and I never saw this message before, despite sometimes having an old Flash Player.

Can you help me? The log files follow:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heiko (administrator) on HEIKO-NOTEBOOK on 24-03-2015 21:41:28
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available profiles: Heiko & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_gui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-14] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-02] (Microsoft Corporation)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-06] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-28] (Elaborate Bytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-10] (Elgato Systems)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Filecloud.lnk
ShortcutTarget: Filecloud.lnk -> C:\Program Files (x86)\Filecloud\bin\agent_gui.exe (eFolder)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AnchorOverlayAttention] -> {40D1DAA7-9CB5-4DB7-8610-A814EDB003A5} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSynced] -> {5B05543A-73D8-4D80-97F9-13F471224DD8} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSyncing] -> {1C514AC9-A6B4-4692-A18E-9A2EE0B4E277} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySynced] -> {56E89524-684C-4352-B350-F97A7377DD64} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySyncing] -> {C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-25] (TerraTec Electronic GmbH)
DPF: HKLM-x32 {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-14]

Chrome: 
=======
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-15] (The OpenVPN Project)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SyncedTool; C:\Program Files (x86)\Filecloud\bin\agent_service.exe [8190648 2015-02-27] (eFolder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HsspConfig; C:\Windows\system32\CfgSrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-12-30] ()
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-30] (Elaborate Bytes AG) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-30] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-12-30] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-17] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
U0 nesnrd; C:\Windows\System32\drivers\aihh.sys [79064 2015-03-24] (Malwarebytes Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-28] (Elaborate Bytes) [File not signed]
S3 StarOpen; No ImagePath
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 21:41 - 2015-03-24 21:42 - 00027509 _____ () C:\Users\Heiko\Desktop\FRST.txt
2015-03-24 21:41 - 2015-03-24 21:41 - 00000000 ____D () C:\FRST
2015-03-24 21:40 - 2015-03-24 21:40 - 00000472 _____ () C:\Users\Heiko\Desktop\defogger_disable.log
2015-03-24 21:40 - 2015-03-24 21:40 - 00000000 _____ () C:\Users\Heiko\defogger_reenable
2015-03-24 21:38 - 2015-03-24 21:39 - 00380416 _____ () C:\Users\Heiko\Desktop\Gmer-19357.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 02095616 _____ (Farbar) C:\Users\Heiko\Desktop\FRST64.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 01135104 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2015-03-24 21:37 - 2015-03-24 21:37 - 00050477 _____ () C:\Users\Heiko\Desktop\Defogger.exe
2015-03-24 21:27 - 2015-03-24 21:27 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\aihh.sys
2015-03-24 09:18 - 2015-03-24 09:20 - 00014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-24 00:02 - 2015-03-24 00:02 - 00276016 _____ () C:\Windows\Minidump\032415-22682-01.dmp
2015-03-23 20:56 - 2015-03-23 20:56 - 02168320 _____ () C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Opera Software
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Opera Software
2015-03-23 20:23 - 2015-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 10:43 - 2015-03-21 10:43 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-21 10:33 - 2015-03-21 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-17 15:46 - 2015-03-23 23:47 - 00000000 ____D () C:\AdwCleaner
2015-03-17 09:48 - 2004-03-09 00:00 - 00440352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFLXGD.OCX
2015-03-17 09:35 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-17 09:35 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-17 09:34 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-17 09:34 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-17 09:34 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-17 09:34 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-17 09:34 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-17 09:34 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-17 09:34 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-17 09:34 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-17 09:34 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-17 09:34 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-17 09:34 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-17 09:34 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-17 09:34 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-17 09:34 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-17 09:34 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-17 09:34 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-17 09:34 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-17 09:34 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-17 09:34 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-17 09:34 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-17 09:34 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-17 09:34 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-17 09:34 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-17 09:34 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-17 09:34 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-17 09:34 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-17 09:33 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-17 09:33 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-17 09:33 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-17 09:33 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-17 09:33 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-17 09:32 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-17 09:32 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-17 09:32 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-17 09:32 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-17 09:32 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-17 09:31 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-17 09:31 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-17 09:31 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-17 09:30 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-17 09:30 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-17 09:22 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-17 09:22 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-17 09:22 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-17 09:22 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-17 09:22 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-17 09:21 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-17 09:21 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-17 09:17 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-17 09:17 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-17 09:17 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-17 09:16 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-17 09:16 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-17 09:16 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-17 09:16 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-17 09:13 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-17 09:13 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-17 09:13 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-17 09:12 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-17 08:52 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-17 08:52 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 09:54 - 2015-03-13 09:54 - 00010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2015-03-08 20:53 - 2015-03-08 20:53 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-08 20:53 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\Program Files\iTunes
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files\iPod
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-06 08:17 - 2015-03-06 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-25 21:53 - 2015-01-09 12:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:53 - 2015-01-09 12:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 21:40 - 2009-12-30 01:44 - 00000000 ____D () C:\Users\Heiko
2015-03-24 21:29 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\BitTorrent
2015-03-24 21:28 - 2009-11-14 21:24 - 01323309 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 21:27 - 2009-10-29 06:36 - 00000000 ____D () C:\Windows\oem
2015-03-24 21:07 - 2014-01-08 10:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 15:15 - 2014-06-07 10:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 15:07 - 2014-01-08 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 12:16 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 12:16 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 12:15 - 2009-11-15 06:13 - 00703476 _____ () C:\Windows\system32\perfh007.dat
2015-03-24 12:15 - 2009-11-15 06:13 - 00151084 _____ () C:\Windows\system32\perfc007.dat
2015-03-24 12:15 - 2009-07-14 18:13 - 01630508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-24 12:07 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 12:06 - 2011-02-25 21:54 - 00256032 _____ () C:\Windows\PFRO.log
2015-03-24 12:06 - 2011-02-25 21:54 - 00125727 _____ () C:\Windows\setupact.log
2015-03-24 09:21 - 2014-11-19 15:35 - 00000000 ____D () C:\Users\Heiko\Documents\Outlook Files
2015-03-24 09:21 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 09:18 - 2009-12-31 04:56 - 00000000 ____D () C:\Program Files\Zubehör
2015-03-24 09:17 - 2010-04-19 21:59 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-24 08:57 - 2015-02-12 18:24 - 00000050 _____ () C:\Windows\astplus.ini
2015-03-24 00:02 - 2011-11-29 23:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-24 00:01 - 2015-01-29 18:08 - 641507154 _____ () C:\Windows\MEMORY.DMP
2015-03-23 23:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Web
2015-03-23 20:53 - 2014-08-18 10:22 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Adobe
2015-03-23 20:27 - 2009-12-30 01:45 - 00001429 _____ () C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 20:10 - 2014-02-06 09:40 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-23 20:07 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 20:06 - 2012-05-09 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 22:25 - 2009-12-30 06:37 - 00002358 ____H () C:\Users\Heiko\Documents\Default.rdp
2015-03-22 20:18 - 2014-02-01 18:03 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-22 07:24 - 2013-10-07 10:39 - 00000000 ____D () C:\Users\Gast
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-21 10:43 - 2014-04-27 16:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 10:43 - 2013-12-29 21:47 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 10:43 - 2012-02-25 21:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 10:42 - 2011-03-14 07:00 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-21 10:40 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-21 10:33 - 2014-11-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 18:55 - 2014-04-24 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Troubleshooters Calling Card
2015-03-17 12:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 10:54 - 2009-07-14 17:45 - 00450496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-17 10:45 - 2009-10-29 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 10:28 - 2014-04-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 10:28 - 2009-07-14 15:34 - 00000510 _____ () C:\Windows\win.ini
2015-03-17 10:26 - 2013-07-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-17 10:11 - 2009-12-30 01:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-17 09:48 - 2015-02-12 18:24 - 00001751 _____ () C:\Users\Public\Desktop\Astroplus.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00001741 _____ () C:\Users\Public\Desktop\Astroplus (classic Design).lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000872 _____ () C:\Users\Public\Desktop\Planetary Hours.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus
2015-03-13 11:37 - 2014-11-05 20:06 - 00000000 ____D () C:\Users\Heiko\.gimp-2.8
2015-03-13 09:54 - 2014-11-05 20:21 - 00000000 ____D () C:\Users\Heiko\AppData\Local\gtk-2.0
2015-03-08 20:52 - 2010-09-23 09:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-06 21:40 - 2010-01-04 19:57 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Skype
2015-03-06 08:17 - 2014-03-01 21:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 12:53 - 2009-07-14 18:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 02:17 - 2009-12-30 01:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 16:20 - 2014-06-26 19:33 - 00000000 ____D () C:\Program Files (x86)\Filecloud

==================== Files in the root of some directories =======

2010-01-27 08:43 - 2010-01-27 08:43 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2010-01-27 08:42 - 2010-01-27 08:42 - 0082816 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2010-01-17 01:40 - 2010-01-17 01:40 - 0003584 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 03:38 - 2013-10-27 03:38 - 0004096 ____H () C:\Users\Heiko\AppData\Local\keyfile3.drm
2015-03-24 09:18 - 2015-03-24 09:20 - 0014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-13 09:54 - 2015-03-13 09:54 - 0010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2010-06-11 23:01 - 2013-12-30 08:25 - 0017408 _____ () C:\Users\Heiko\AppData\Local\WebpageIcons.db
2014-01-08 21:39 - 2014-01-08 21:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-14 21:25 - 2009-11-14 21:28 - 0008308 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-04 19:59 - 2010-01-04 19:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 18:58 - 2009-07-18 14:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Heiko\AppData\Local\Temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-17 12:05

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Heiko at 2015-03-24 21:42:48
Running from C:\Users\Heiko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.5.0715 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{82C9101B-36EC-5821-DD8B-05480074A0B8}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astrocontact Astroplus (HKLM-x32\...\Astrocontact Astroplus_is1) (Version:  - Astrocontact Software)
ATI AVIVO64 Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2214 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Bullzip PDF Printer 7.1.0.1082 (HKLM\...\Bullzip PDF Printer_is1) (Version:  - Bullzip)
CCS64 V3.8 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Cinergy DT USB XS Diversity V3.12.00.00a (HKLM-x32\...\Cinergy DT USB XS Diversity) (Version: 3.12.00.00a - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Troubleshooters Calling Card (HKLM-x32\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Region Killer (HKLM-x32\...\DVD Region Killer) (Version:  - Elaborate Bytes)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Filecloud (HKLM\...\Filecloud 2.0.0.562) (Version: 2.2.4.705 - Anchor)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version:  - )
Foxit PDF Preview Handler (HKLM-x32\...\{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}) (Version: 1.0.0 - Tim Heuer)
FUSSBALL MANAGER 09 (HKLM-x32\...\FUSSBALL MANAGER 09) (Version:  - Electronic Arts)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version:  - )
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Governor of Poker 2 Premium Edition v1.0 Multi (HKLM-x32\...\{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1) (Version:  - My Company, Inc.)
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
HiJackThis (HKLM-x32\...\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}) (Version: 1.0.0 - Trend Micro)
HMA! Pro VPN 2.8.6.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.6.0 - Privax Ltd)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBP 12.0.4 (HKLM-x32\...\IBP12_is1) (Version: 12.0.4 - Axandra GmbH)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Mega Codec Pack 10.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MicroMachines V4 (HKLM-x32\...\{E4511CEC-2E60-4076-95B6-0E193269EB86}) (Version: 2.00.0000 - Codemasters)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Open Systems Client (HKLM-x32\...\Open Systems Client) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Questpaket 4 Update 1 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.1.0.0 - Humanforce)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0000-0000-0000000FF1CE}_Office15.OUTLOOK_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Telecom Broadband Assist (HKLM-x32\...\tcnz) (Version: BCM 7.1 - Telecom New Zealand)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.25.6 - )
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-03-2015 10:40:37 avast! antivirus system restore point
21-03-2015 18:49:06 Windows Update
24-03-2015 09:19:03 Removed MyWinLocker.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-12-31 00:56 - 2014-11-12 23:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B0EFB60-E81C-4E52-9C52-81C67BF4F2BA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-02] (Microsoft Corporation)
Task: {18FAB775-E45B-4AEB-B34E-55387F13BA0C} - System32\Tasks\{BB2DC1C3-8A57-456C-B7B7-F732E78670C3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {37E4A83E-E6AB-4B7A-8972-68732ED21A7B} - System32\Tasks\HP AR Program Upload - 5726df83c48f49c582e89fe67edac45b49619e1230d046318938b356248442e8 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {38A400C5-2A73-47C5-B548-6200957378E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-03-21] (Avast Software s.r.o.)
Task: {3E4723B3-345A-4EEF-8241-DFF1B7ED18AC} - System32\Tasks\{8A97E6BB-AD56-407E-96B5-BCD32950B222} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {6112B9EE-63AF-48FF-8314-3985C3243D3A} - System32\Tasks\HP AR Program Upload - cf63165788e4407b8be8b23f288555044dfc0f37ab5947dd8b95350f5f7bf491 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A2A69AF1-9240-46AE-8D0A-CD81D03F34CC} - System32\Tasks\HP AR Program Upload - cb1820fb8826424ebd96188620bcaffef3a19629a4ee44698a585c8e48dcce56 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A583B008-7874-43FD-8102-F12905086FA8} - System32\Tasks\HP AR Program Upload - 8d5f0ca48f554248aa188d8e55c7bff935d294a91eb64ffe90c8498c2684203f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A62F568E-D337-4057-9454-CE5EADF72A81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {A7450F14-BDB8-4643-BB1E-7C3CD9F92FB9} - System32\Tasks\HP AR Program Upload - 731408cb48a7498897219a734c7d22b3e8bdb04305dd4c9b9d750decff0e0102 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {BDD788AA-51BD-45C4-A742-2C8884E96AF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {D761B838-6B9D-4B39-9DB3-A3AA141D7099} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {DE6E116E-38FD-493F-9B7C-61C11A85146C} - System32\Tasks\{36C2BEF2-3ECB-485D-A883-9BEBE6DC51C6} => pcalua.exe -a "C:\Users\Heiko\Downloads\Datenbank\Zubehör\Brenner und Player\Divx Player\DivXInstaller.exe" -d "C:\Users\Heiko\Downloads\Datenbank\Zubehör\Brenner und Player\Divx Player"
Task: {E1EFEE42-2106-4354-9D06-FDF71A40DA7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E48D6CDB-88B5-4ADD-AF4E-B2EFB55F4986} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E71D95D6-CB6B-4847-968E-50E936ECBB44} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FBCDF857-C4B6-476D-9DC7-8FD207BA0273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-12-31 04:56 - 2009-12-13 03:12 - 00166400 _____ () C:\Program Files\Zubehör\Winrar\rarext.dll
2009-11-14 21:25 - 2009-11-14 21:24 - 00200704 _____ () C:\Windows\PLFSetI.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-03-21 10:43 - 2015-03-21 10:43 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-03-24 08:03 - 2015-03-24 08:03 - 02922496 _____ () C:\Program Files\Alwil Software\Avast5\defs\15032301\algo.dll
2010-05-24 18:16 - 2010-05-24 18:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-24 18:09 - 2010-05-24 18:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-06-26 19:33 - 2012-06-15 01:36 - 00107520 _____ () C:\Program Files (x86)\Filecloud\bin\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-26 19:33 - 2014-10-30 11:55 - 00033280 _____ () C:\Program Files (x86)\Filecloud\bin\QtSolutions_SingleApplication-head.dll
2014-12-28 14:40 - 2014-09-12 00:46 - 00877056 _____ () C:\Program Files (x86)\Filecloud\bin\platforms\qwindows.dll
2014-12-28 14:40 - 2014-09-12 00:45 - 00024064 _____ () C:\Program Files (x86)\Filecloud\bin\imageformats\qico.dll
2015-03-21 10:43 - 2015-03-21 10:43 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-03-21 10:43 - 2015-03-21 10:43 - 01359872 _____ () C:\Program Files\Alwil Software\Avast5\libglesv2.dll
2015-03-21 10:43 - 2015-03-21 10:43 - 00212992 _____ () C:\Program Files\Alwil Software\Avast5\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3175191187-1249783048-3626377888-500 - Administrator - Disabled)
Gast (S-1-5-21-3175191187-1249783048-3626377888-501 - Limited - Enabled) => C:\Users\Gast
Heiko (S-1-5-21-3175191187-1249783048-3626377888-1000 - Administrator - Enabled) => C:\Users\Heiko
HomeGroupUser$ (S-1-5-21-3175191187-1249783048-3626377888-1014 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 09:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/24/2015 09:20:53 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Heiko-Notebook)
Description: Die Anwendung oder der Dienst "MyWinLocker" konnte nicht neu gestartet werden.

Error: (03/24/2015 09:20:53 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Heiko-Notebook)
Description: Die Anwendung oder der Dienst "EgisUpdate Release Application" konnte nicht neu gestartet werden.

Error: (03/24/2015 09:20:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1420
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 10:21:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xe070
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 10:21:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd908
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 10:00:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6c14
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 09:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x9020
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 08:07:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1dcc
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (03/22/2015 08:07:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xf48c
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3


System errors:
=============
Error: (03/24/2015 00:10:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/24/2015 00:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HSSP Configuration Module" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/24/2015 00:07:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ElbyCDIO Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/24/2015 00:07:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyCDIO.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/24/2015 00:07:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/24/2015 00:07:35 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (03/24/2015 09:23:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\RegKill.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/24/2015 09:21:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (03/24/2015 09:18:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/24/2015 09:18:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (04/24/2014 03:37:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 140 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/24/2014 03:29:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7408 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (04/24/2014 01:17:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 760 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 08:56:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 736 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 08:25:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1443 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 04:37:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 550 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 04:03:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1954 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 03:06:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 863 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 02:43:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 327 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (04/23/2014 02:36:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2266 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-03 23:16:26.588
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-03 23:16:26.244
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-30 03:16:20.035
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-30 03:16:20.008
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-30 03:16:19.444
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-30 03:16:19.426
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-29 00:42:37.523
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-29 00:42:37.508
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-29 00:42:36.915
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-29 00:42:36.899
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4090.93 MB
Available physical RAM: 2402.6 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 6107.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:285.3 GB) (Free:40.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 70077007)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Second part follows...

Many thanks

Kermit
Attached files
File type: pdf acer meldung.pdf (10.6 KB, viewed 144 times)

24.03.2015, 10:34   #2
Kermit1973
 

Second part...

GMER part 1
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-24 21:56:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Heiko\AppData\Local\Temp\pxldiaog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                  0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                              0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                            0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                     0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                     0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                          0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                     0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                              0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                 0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                       0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                     0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                   0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                    0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                 0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                    0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                         0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                        0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                 0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                              0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                    0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                 0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                     0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                              0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                 0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                      0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                 0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                 0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                        0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                   0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                      0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                   0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                      0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                       0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                               0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                  0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                            0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                             0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                  0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                  0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                   0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                              0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\lsass.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                      0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000076ef2b80 5 bytes JMP 0000000077050280
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                  0000000076ef1360 5 bytes JMP 0000000100070460
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                           0000000076ef13b0 5 bytes JMP 0000000100070450
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                           0000000076ef1510 5 bytes JMP 0000000100070370
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                0000000076ef1560 5 bytes JMP 0000000100070470
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      0000000076ef1570 5 bytes JMP 00000001000703e0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                           0000000076ef1620 5 bytes JMP 0000000100070320
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    0000000076ef1650 5 bytes JMP 00000001000703b0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                       0000000076ef1670 5 bytes JMP 0000000100070390
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           0000000076ef1730 5 bytes JMP 00000001000702d0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                         0000000076ef1750 5 bytes JMP 0000000100070310
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                          0000000076ef1790 5 bytes JMP 00000001000703c0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                       0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                          0000000076ef1940 5 bytes JMP 0000000100070230
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                               0000000076ef1b00 5 bytes JMP 0000000100070480
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                              0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                       0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                    0000000076ef1c20 5 bytes JMP 0000000100070350
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000076ef1c80 5 bytes JMP 0000000100070290
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                           0000000076ef1d40 5 bytes JMP 0000000100070330
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                    0000000076ef1db0 5 bytes JMP 0000000100070410
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                       0000000076ef1de0 5 bytes JMP 0000000100070240
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                            0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                       0000000076ef2160 5 bytes JMP 0000000100070250
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                       0000000076ef2190 5 bytes JMP 0000000100070490
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                              0000000076ef21a0 5 bytes JMP 00000001000704a0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                         0000000076ef21d0 5 bytes JMP 0000000100070300
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                      0000000076ef21e0 5 bytes JMP 0000000100070360
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000076ef2240 5 bytes JMP 00000001000702a0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000076ef2290 5 bytes JMP 00000001000702c0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                            0000000076ef22c0 5 bytes JMP 0000000100070380
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                             0000000076ef22d0 5 bytes JMP 0000000100070340
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                      0000000076ef25c0 5 bytes JMP 0000000100070440
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                     0000000076ef27c0 5 bytes JMP 0000000100070260
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                        0000000076ef27d0 5 bytes JMP 0000000100070270
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      0000000076ef27e0 5 bytes JMP 0000000100070400
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                  0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                   0000000076ef29b0 5 bytes JMP 0000000100070210
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                        0000000076ef2a20 5 bytes JMP 0000000100070200
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                        0000000076ef2a80 5 bytes JMP 0000000100070420
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                         0000000076ef2a90 5 bytes JMP 0000000100070430
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                    0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  c:\Program Files\Microsoft Security Client\MsMpEng.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                            0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\System32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000076ef21e0 5 bytes JMP 0000000077050360
(end)
         


24.03.2015, 10:36   #3
Kermit1973

Caught a virus while installing Adobe Flash Player...



... Part 3

GMER part 2

Code:
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000076ef1360 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  0000000076ef13b0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                  0000000076ef1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000076ef1560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000076ef1570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000076ef1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           0000000076ef1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                              0000000076ef1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  0000000076ef1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000076ef1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000076ef1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 0000000076ef1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000076ef1b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           0000000076ef1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 0000000076ef1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  0000000076ef1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           0000000076ef1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              0000000076ef1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000076ef2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000076ef2190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000076ef21a0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000076ef21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000076ef21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000076ef2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000076ef2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000076ef22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000076ef22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000076ef25c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000076ef27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000076ef27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000076ef27e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000076ef29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000076ef2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000076ef2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000076ef2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074b31401 2 bytes JMP 762cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074b31419 2 bytes JMP 762cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074b31431 2 bytes JMP 76348ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074b3144a 2 bytes CALL 762a48ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                * 9
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074b314dd 2 bytes JMP 763487a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074b314f5 2 bytes JMP 76348978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074b3150d 2 bytes JMP 76348698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074b31525 2 bytes JMP 76348a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074b3153d 2 bytes JMP 762bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074b31555 2 bytes JMP 762c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074b3156d 2 bytes JMP 76348f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074b31585 2 bytes JMP 76348ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074b3159d 2 bytes JMP 7634865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074b315b5 2 bytes JMP 762bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074b315cd 2 bytes JMP 762cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074b316b2 2 bytes JMP 76348e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074b316bd 2 bytes JMP 763485f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Program Files\Common Files\Motive\pcCMService.exe[2504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000076ef1360 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  0000000076ef13b0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                  0000000076ef1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000076ef1560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000076ef1570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000076ef1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           0000000076ef1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                              0000000076ef1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  0000000076ef1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000076ef1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000076ef1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 0000000076ef1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000076ef1b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           0000000076ef1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 0000000076ef1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  0000000076ef1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           0000000076ef1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              0000000076ef1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000076ef2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000076ef2190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000076ef21a0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000076ef21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000076ef21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000076ef2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000076ef2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000076ef22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000076ef22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000076ef25c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000076ef27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000076ef27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000076ef27e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000076ef29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000076ef2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000076ef2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000076ef2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                        0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                             0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\SearchIndexer.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        0000000076ef1360 5 bytes JMP 0000000100060460
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 0000000076ef13b0 5 bytes JMP 0000000100060450
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 0000000076ef1510 5 bytes JMP 0000000100060370
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      0000000076ef1560 5 bytes JMP 0000000100060470
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            0000000076ef1570 5 bytes JMP 00000001000603e0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 0000000076ef1620 5 bytes JMP 0000000100060320
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000076ef1650 5 bytes JMP 00000001000603b0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             0000000076ef1670 5 bytes JMP 0000000100060390
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   0000000076ef16b0 5 bytes JMP 00000001000602e0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 0000000076ef1730 5 bytes JMP 00000001000602d0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               0000000076ef1750 5 bytes JMP 0000000100060310
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                0000000076ef1790 5 bytes JMP 00000001000603c0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             0000000076ef17e0 5 bytes JMP 00000001000603f0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                0000000076ef1940 5 bytes JMP 0000000100060230
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     0000000076ef1b00 5 bytes JMP 0000000100060480
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    0000000076ef1b30 5 bytes JMP 00000001000603a0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             0000000076ef1c10 5 bytes JMP 00000001000602f0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          0000000076ef1c20 5 bytes JMP 0000000100060350
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                0000000076ef1c80 5 bytes JMP 0000000100060290
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             0000000076ef1d10 5 bytes JMP 00000001000602b0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000076ef1d30 5 bytes JMP 00000001000603d0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 0000000076ef1d40 5 bytes JMP 0000000100060330
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          0000000076ef1db0 5 bytes JMP 0000000100060410
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             0000000076ef1de0 5 bytes JMP 0000000100060240
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  0000000076ef20a0 5 bytes JMP 00000001000601e0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             0000000076ef2160 5 bytes JMP 0000000100060250
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             0000000076ef2190 5 bytes JMP 0000000100060490
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    0000000076ef21a0 5 bytes JMP 00000001000604a0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               0000000076ef21d0 5 bytes JMP 0000000100060300
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            0000000076ef21e0 5 bytes JMP 0000000100060360
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  0000000076ef2240 5 bytes JMP 00000001000602a0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               0000000076ef2290 5 bytes JMP 00000001000602c0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  0000000076ef22c0 5 bytes JMP 0000000100060380
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   0000000076ef22d0 5 bytes JMP 0000000100060340
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            0000000076ef25c0 5 bytes JMP 0000000100060440
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           0000000076ef27c0 5 bytes JMP 0000000100060260
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              0000000076ef27d0 5 bytes JMP 0000000100060270
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000076ef27e0 5 bytes JMP 0000000100060400
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        0000000076ef29a0 5 bytes JMP 00000001000601f0
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         0000000076ef29b0 5 bytes JMP 0000000100060210
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000076ef2a20 5 bytes JMP 0000000100060200
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000076ef2a80 5 bytes JMP 0000000100060420
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000076ef2a90 5 bytes JMP 0000000100060430
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000076ef2aa0 5 bytes JMP 0000000100060220
.text  C:\Windows\system32\taskhost.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000076ef2b80 5 bytes JMP 0000000100060280
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                             0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                      0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                           0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                        0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                      0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                  0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                     0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                          0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                         0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                  0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                               0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                  0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                      0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                               0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                  0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                  0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                  0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                         0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\System32\svchost.exe[248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        0000000076ef1360 5 bytes JMP 0000000077050460
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 0000000076ef13b0 5 bytes JMP 0000000077050450
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      0000000076ef1560 5 bytes JMP 0000000077050470
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     0000000076ef1b00 5 bytes JMP 0000000077050480
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000076ef2190 5 bytes JMP 0000000077050490
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    0000000076ef21a0 5 bytes JMP 00000000770504a0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000076ef25c0 5 bytes JMP 0000000077050440
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5184] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                              00000000762a8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4d987570df4                                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4d987570df4 (not active ControlSet)                                                    

---- EOF - GMER 2.1 ----
         
Malwarebytes
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.03.2015
Suchlauf-Zeit: 20:57:44
Logdatei: Anti malwarebyte1.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.23.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Heiko

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 512065
Verstrichene Zeit: 35 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-3175191187-1249783048-3626377888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E8BF48A-E271-46A9-AED9-F6CCE14E7D2E}, Keine Aktion durch Benutzer, [9955ba8e7515db5b00bd9b85e2211ae6], 
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-3175191187-1249783048-3626377888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E8BF48A-E271-46A9-AED9-F6CCE14E7D2E}, Keine Aktion durch Benutzer, [9955ba8e7515db5b00bd9b85e2211ae6], 
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-3175191187-1249783048-3626377888-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, Keine Aktion durch Benutzer, [b03ebd8bd9b1f343186d3a9118eb619f], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SoftwareUpdater.A, C:\Program Files (x86)\SoftwareUpdater, Keine Aktion durch Benutzer, [935b65e31476fc3ace0f63622fd409f7], 
PUP.Optional.AirGlobe.A, C:\Users\Heiko\AppData\Local\Temp\Air Globe, Keine Aktion durch Benutzer, [2dc18bbd98f246f0c503446a0ff49868], 

Dateien: 8
PUP.Optional.Omniboxes.A, C:\Users\Heiko\AppData\Local\Temp\81427095085\0AB14RN2.exe, Keine Aktion durch Benutzer, [af3f20285f2b132349b085a79472ee12], 
PUP.Optional.OutBrowse, C:\Users\Heiko\AppData\Local\Temp\nsj6FA4.tmp\eor.dll, Keine Aktion durch Benutzer, [ae403a0e573343f3379d1ffb877b35cb], 
PUP.Optional.OutBrowse, C:\Users\Heiko\Downloads\installer_adobe_flash_player_English.exe, Keine Aktion durch Benutzer, [e50955f3addd38fee7edc85241c153ad], 
PUP.Optional.SoftwareUpdater.A, C:\Program Files (x86)\SoftwareUpdater\translations.xml, Keine Aktion durch Benutzer, [935b65e31476fc3ace0f63622fd409f7], 
PUP.Optional.SoftwareUpdater.A, C:\Program Files (x86)\SoftwareUpdater\AppsUpd4ter.exe.config, Keine Aktion durch Benutzer, [935b65e31476fc3ace0f63622fd409f7], 
PUP.Optional.SoftwareUpdater.A, C:\Program Files (x86)\SoftwareUpdater\config.xml, Keine Aktion durch Benutzer, [935b65e31476fc3ace0f63622fd409f7], 
PUP.Optional.SoftwareUpdater.A, C:\Program Files (x86)\SoftwareUpdater\Interop.Shell32.dll, Keine Aktion durch Benutzer, [935b65e31476fc3ace0f63622fd409f7], 
Trojan.Agent.KLFGen, C:\Users\Heiko\AppData\Local\Temp\bcgcabfdfcbg.exe, In Quarantäne, [846a1731a6e41620a835497050b33bc5], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
         
Many thanks and regards,

Kermit
__________________

25.03.2015, 19:18   #4
schrauber
/// the machine
/// TB Trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.03.2015, 02:47   #5
Kermit1973

Hello Schrauber,

many thanks for your reply... I ran both scans, but nothing was found. The Acer warning message still keeps popping up, even when I am not doing anything at the computer...

Malwarebytes Anti-Rootkit
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.25.07
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Heiko :: HEIKO-NOTEBOOK [administrator]

26.03.2015 12:46:53
mbar-log-2015-03-26 (12-46-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 525565
Time elapsed: 47 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSS Killer

Code:
14:05:55.0906 0x1420  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:06:03.0027 0x1420  ============================================================
14:06:03.0027 0x1420  Current date / time: 2015/03/26 14:06:03.0027
14:06:03.0027 0x1420  SystemInfo:
14:06:03.0027 0x1420  
14:06:03.0027 0x1420  OS Version: 6.1.7601 ServicePack: 1.0
14:06:03.0027 0x1420  Product type: Workstation
14:06:03.0027 0x1420  ComputerName: HEIKO-NOTEBOOK
14:06:03.0027 0x1420  UserName: Heiko
14:06:03.0027 0x1420  Windows directory: C:\Windows
14:06:03.0027 0x1420  System windows directory: C:\Windows
14:06:03.0027 0x1420  Running under WOW64
14:06:03.0027 0x1420  Processor architecture: Intel x64
14:06:03.0027 0x1420  Number of processors: 2
14:06:03.0027 0x1420  Page size: 0x1000
14:06:03.0027 0x1420  Boot type: Normal boot
14:06:03.0027 0x1420  ============================================================
14:06:03.0678 0x1420  KLMD registered as C:\Windows\system32\drivers\74628340.sys
14:06:04.0453 0x1420  System UUID: {33CAC0F4-97C9-E9AD-DA9A-7A8A86B5DC90}
14:06:05.0739 0x1420  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:05.0744 0x1420  ============================================================
14:06:05.0744 0x1420  \Device\Harddisk0\DR0:
14:06:05.0744 0x1420  MBR partitions:
14:06:05.0744 0x1420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
14:06:05.0744 0x1420  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
14:06:05.0744 0x1420  ============================================================
14:06:05.0786 0x1420  C: <-> \Device\Harddisk0\DR0\Partition2
14:06:05.0786 0x1420  ============================================================
14:06:05.0786 0x1420  Initialize success
14:06:05.0786 0x1420  ============================================================
14:07:44.0589 0x11a0  ============================================================
14:07:44.0589 0x11a0  Scan started
14:07:44.0589 0x11a0  Mode: Manual; SigCheck; TDLFS; 
14:07:44.0589 0x11a0  ============================================================
14:07:44.0589 0x11a0  KSN ping started
14:07:47.0631 0x11a0  KSN ping finished: true
14:07:48.0692 0x11a0  ================ Scan system memory ========================
14:07:48.0692 0x11a0  System memory - ok
14:07:48.0692 0x11a0  ================ Scan services =============================
14:07:56.0820 0x11a0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:07:56.0898 0x11a0  b57nd60a - ok
14:07:57.0007 0x11a0  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
14:07:57.0132 0x11a0  BCM43XX - ok
14:07:57.0179 0x11a0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:07:57.0257 0x11a0  BDESVC - ok
14:07:57.0272 0x11a0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:07:57.0335 0x11a0  Beep - ok
14:07:57.0459 0x11a0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:07:57.0600 0x11a0  BFE - ok
14:07:57.0709 0x11a0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:07:57.0974 0x11a0  BITS - ok
14:07:58.0005 0x11a0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:07:58.0037 0x11a0  blbdrive - ok
14:07:58.0161 0x11a0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:07:58.0193 0x11a0  Bonjour Service - ok
14:07:58.0239 0x11a0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:07:58.0333 0x11a0  bowser - ok
14:07:58.0380 0x11a0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:07:58.0442 0x11a0  BrFiltLo - ok
14:07:58.0473 0x11a0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:07:58.0536 0x11a0  BrFiltUp - ok
14:07:58.0583 0x11a0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:07:58.0692 0x11a0  BridgeMP - ok
14:07:58.0739 0x11a0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:07:58.0817 0x11a0  Browser - ok
14:07:58.0832 0x11a0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:07:58.0910 0x11a0  Brserid - ok
14:07:58.0941 0x11a0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:07:58.0988 0x11a0  BrSerWdm - ok
14:07:59.0035 0x11a0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:07:59.0097 0x11a0  BrUsbMdm - ok
14:07:59.0113 0x11a0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:07:59.0160 0x11a0  BrUsbSer - ok
14:07:59.0238 0x11a0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:07:59.0316 0x11a0  BthEnum - ok
14:07:59.0347 0x11a0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:07:59.0378 0x11a0  BTHMODEM - ok
14:07:59.0441 0x11a0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:07:59.0519 0x11a0  BthPan - ok
14:07:59.0612 0x11a0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:07:59.0737 0x11a0  BTHPORT - ok
14:07:59.0768 0x11a0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:07:59.0831 0x11a0  bthserv - ok
14:07:59.0909 0x11a0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:07:59.0987 0x11a0  BTHUSB - ok
14:08:00.0018 0x11a0  catchme - ok
14:08:00.0049 0x11a0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:08:00.0111 0x11a0  cdfs - ok
14:08:00.0189 0x11a0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:08:00.0267 0x11a0  cdrom - ok
14:08:00.0345 0x11a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:08:00.0439 0x11a0  CertPropSvc - ok
14:08:00.0455 0x11a0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:08:00.0501 0x11a0  circlass - ok
14:08:00.0579 0x11a0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:08:00.0642 0x11a0  CLFS - ok
14:08:00.0720 0x11a0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:08:00.0735 0x11a0  clr_optimization_v2.0.50727_32 - ok
14:08:00.0813 0x11a0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:08:00.0845 0x11a0  clr_optimization_v2.0.50727_64 - ok
14:08:00.0985 0x11a0  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:08:01.0032 0x11a0  clr_optimization_v4.0.30319_32 - ok
14:08:01.0094 0x11a0  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:08:01.0125 0x11a0  clr_optimization_v4.0.30319_64 - ok
14:08:01.0141 0x11a0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:08:01.0188 0x11a0  CmBatt - ok
14:08:01.0235 0x11a0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:08:01.0266 0x11a0  cmdide - ok
14:08:01.0344 0x11a0  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:08:01.0422 0x11a0  CNG - ok
14:08:01.0469 0x11a0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:08:01.0500 0x11a0  Compbatt - ok
14:08:01.0562 0x11a0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:08:01.0640 0x11a0  CompositeBus - ok
14:08:01.0671 0x11a0  COMSysApp - ok
14:08:01.0687 0x11a0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:08:01.0718 0x11a0  crcdisk - ok
14:08:01.0781 0x11a0  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:08:01.0859 0x11a0  CryptSvc - ok
14:08:01.0937 0x11a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:08:02.0093 0x11a0  DcomLaunch - ok
14:08:02.0139 0x11a0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:08:02.0217 0x11a0  defragsvc - ok
14:08:02.0295 0x11a0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:08:02.0358 0x11a0  DfsC - ok
14:08:02.0420 0x11a0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:08:02.0529 0x11a0  Dhcp - ok
14:08:02.0576 0x11a0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:08:02.0639 0x11a0  discache - ok
14:08:02.0670 0x11a0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:08:02.0685 0x11a0  Disk - ok
14:08:02.0810 0x11a0  [ D5BCB77BE83CF99F508943945D46343D, 00C5624CE970A05075A19168643BF6E8FA60C764333ECEC088D7FFCA10547833 ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
14:08:02.0826 0x11a0  DKbFltr - ok
14:08:02.0919 0x11a0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:08:03.0013 0x11a0  Dnscache - ok
14:08:03.0075 0x11a0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:08:03.0200 0x11a0  dot3svc - ok
14:08:03.0263 0x11a0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:08:03.0387 0x11a0  DPS - ok
14:08:03.0481 0x11a0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:08:03.0512 0x11a0  drmkaud - ok
14:08:03.0621 0x11a0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:08:03.0715 0x11a0  DXGKrnl - ok
14:08:03.0746 0x11a0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:08:03.0793 0x11a0  EapHost - ok
14:08:03.0949 0x11a0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:08:04.0152 0x11a0  ebdrv - ok
14:08:04.0230 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
14:08:04.0245 0x11a0  EFS - ok
14:08:04.0386 0x11a0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:08:04.0526 0x11a0  ehRecvr - ok
14:08:04.0573 0x11a0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:08:04.0667 0x11a0  ehSched - ok
14:08:04.0698 0x11a0  ElbyCDIO - ok
14:08:04.0745 0x11a0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:08:04.0838 0x11a0  elxstor - ok
14:08:04.0994 0x11a0  [ FB67AA8AC61B9365ADD546139A21BED6, DDE2053071ED1F7E634FF1A74DB0ACC7D0D19B0AD0CF37DE989FA91B93C76452 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:08:05.0025 0x11a0  ePowerSvc - ok
14:08:05.0088 0x11a0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:08:05.0135 0x11a0  ErrDev - ok
14:08:05.0244 0x11a0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:08:05.0353 0x11a0  EventSystem - ok
14:08:05.0462 0x11a0  [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
14:08:05.0571 0x11a0  ewusbnet - ok
14:08:05.0634 0x11a0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:08:05.0727 0x11a0  exfat - ok
14:08:05.0759 0x11a0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:08:05.0837 0x11a0  fastfat - ok
14:08:05.0946 0x11a0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:08:06.0102 0x11a0  Fax - ok
14:08:06.0149 0x11a0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:08:06.0211 0x11a0  fdc - ok
14:08:06.0273 0x11a0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:08:06.0336 0x11a0  fdPHost - ok
14:08:06.0367 0x11a0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:08:06.0414 0x11a0  FDResPub - ok
14:08:06.0429 0x11a0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:08:06.0461 0x11a0  FileInfo - ok
14:08:06.0476 0x11a0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:08:06.0539 0x11a0  Filetrace - ok
14:08:06.0570 0x11a0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:06.0617 0x11a0  flpydisk - ok
14:08:06.0695 0x11a0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:08:06.0741 0x11a0  FltMgr - ok
14:08:06.0866 0x11a0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:08:07.0022 0x11a0  FontCache - ok
14:08:07.0100 0x11a0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:08:07.0116 0x11a0  FontCache3.0.0.0 - ok
14:08:07.0163 0x11a0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:08:07.0178 0x11a0  FsDepends - ok
14:08:07.0225 0x11a0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:08:07.0256 0x11a0  Fs_Rec - ok
14:08:07.0334 0x11a0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:08:07.0381 0x11a0  fvevol - ok
14:08:07.0397 0x11a0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:08:07.0428 0x11a0  gagp30kx - ok
14:08:07.0506 0x11a0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:07.0521 0x11a0  GEARAspiWDM - ok
14:08:07.0631 0x11a0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:08:07.0771 0x11a0  gpsvc - ok
14:08:07.0911 0x11a0  [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
14:08:07.0958 0x11a0  Greg_Service - ok
14:08:08.0083 0x11a0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:08.0114 0x11a0  gupdate - ok
14:08:08.0130 0x11a0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:08.0145 0x11a0  gupdatem - ok
14:08:08.0208 0x11a0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:08:08.0301 0x11a0  hcw85cir - ok
14:08:08.0379 0x11a0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:08:08.0457 0x11a0  HdAudAddService - ok
14:08:08.0551 0x11a0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:08:08.0598 0x11a0  HDAudBus - ok
14:08:08.0629 0x11a0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:08:08.0676 0x11a0  HidBatt - ok
14:08:08.0723 0x11a0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:08:08.0754 0x11a0  HidBth - ok
14:08:08.0785 0x11a0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:08:08.0832 0x11a0  HidIr - ok
14:08:08.0863 0x11a0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
14:08:08.0910 0x11a0  hidserv - ok
14:08:08.0957 0x11a0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:08:09.0019 0x11a0  HidUsb - ok
14:08:09.0050 0x11a0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:08:09.0175 0x11a0  hkmsvc - ok
14:08:09.0222 0x11a0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:08:09.0347 0x11a0  HomeGroupListener - ok
14:08:09.0409 0x11a0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:08:09.0471 0x11a0  HomeGroupProvider - ok
14:08:09.0503 0x11a0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:08:09.0549 0x11a0  HpSAMD - ok
14:08:09.0737 0x11a0  [ B6639BF8236BDD3427B10C581332BE71, A6A9DB37BB83C70F01E7D99CA4891FD32F93A96C84215CFCC85AF41625C1023C ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
14:08:09.0768 0x11a0  HPSupportSolutionsFrameworkService - ok
14:08:09.0799 0x11a0  HsspConfig - ok
14:08:09.0893 0x11a0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:08:10.0033 0x11a0  HTTP - ok
14:08:10.0111 0x11a0  [ 4B5C07DB91A0099272FAAE732E1152BD, E0408F85A2E1E310F5143A01A34456F120875D21E0E9D0A9F9EBC96514CFC47C ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:08:10.0142 0x11a0  hwdatacard - ok
14:08:10.0205 0x11a0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:08:10.0236 0x11a0  hwpolicy - ok
14:08:10.0298 0x11a0  [ 9C13A2691AC410CC7469F298684DCA5D, 2B07FE759B479A36AB4DE185AF8B4295396A1F8674587721BE7C92FC31ADFF0D ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
14:08:10.0345 0x11a0  hwusbfake - ok
14:08:10.0407 0x11a0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:08:10.0423 0x11a0  i8042prt - ok
14:08:10.0501 0x11a0  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:08:10.0532 0x11a0  IAANTMON - ok
14:08:10.0579 0x11a0  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:08:10.0595 0x11a0  iaStor - ok
14:08:10.0673 0x11a0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:08:10.0719 0x11a0  iaStorV - ok
14:08:10.0860 0x11a0  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:08:10.0907 0x11a0  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:08:14.0058 0x11a0  Detect skipped due to KSN trusted
14:08:14.0058 0x11a0  IDriverT - ok
14:08:14.0198 0x11a0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:08:14.0245 0x11a0  idsvc - ok
14:08:14.0307 0x11a0  IEEtwCollectorService - ok
14:08:14.0588 0x11a0  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:08:14.0994 0x11a0  igfx - ok
14:08:15.0041 0x11a0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:08:15.0056 0x11a0  iirsp - ok
14:08:15.0165 0x11a0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:08:15.0275 0x11a0  IKEEXT - ok
14:08:15.0415 0x11a0  [ 9AA6A93852E36FE76C3F7FC2904F3B01, F4E8E7FB956B59B450F1D830597EA0FBE8F99526EB0EAA886FA21761514C9B05 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:08:15.0587 0x11a0  IntcAzAudAddService - ok
14:08:15.0633 0x11a0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:08:15.0649 0x11a0  intelide - ok
14:08:15.0696 0x11a0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:08:15.0774 0x11a0  intelppm - ok
14:08:15.0836 0x11a0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:08:15.0930 0x11a0  IPBusEnum - ok
14:08:15.0992 0x11a0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:08:16.0086 0x11a0  IpFilterDriver - ok
14:08:16.0164 0x11a0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:08:16.0242 0x11a0  iphlpsvc - ok
14:08:16.0289 0x11a0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:08:16.0320 0x11a0  IPMIDRV - ok
14:08:16.0382 0x11a0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:08:16.0491 0x11a0  IPNAT - ok
14:08:16.0554 0x11a0  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:08:16.0585 0x11a0  iPod Service - ok
14:08:16.0616 0x11a0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:08:16.0694 0x11a0  IRENUM - ok
14:08:16.0741 0x11a0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:08:16.0757 0x11a0  isapnp - ok
14:08:16.0819 0x11a0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:08:16.0866 0x11a0  iScsiPrt - ok
14:08:16.0913 0x11a0  [ 249EE2D26CB1530F3BEDE0AC8B9E3099, 6EBF72DCCDC1EFCD9FE712B895D61359F46C2AF41F1EC47A3C486E79AA1BC026 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
14:08:16.0944 0x11a0  k57nd60a - ok
14:08:16.0975 0x11a0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:08:16.0991 0x11a0  kbdclass - ok
14:08:17.0037 0x11a0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:08:17.0100 0x11a0  kbdhid - ok
14:08:17.0131 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
14:08:17.0147 0x11a0  KeyIso - ok
14:08:17.0209 0x11a0  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:08:17.0256 0x11a0  KSecDD - ok
14:08:17.0271 0x11a0  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:08:17.0287 0x11a0  KSecPkg - ok
14:08:17.0318 0x11a0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:08:17.0396 0x11a0  ksthunk - ok
14:08:17.0427 0x11a0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:08:17.0505 0x11a0  KtmRm - ok
14:08:17.0537 0x11a0  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
14:08:17.0552 0x11a0  L1E - ok
14:08:17.0615 0x11a0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:08:17.0739 0x11a0  LanmanServer - ok
14:08:17.0802 0x11a0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:08:17.0895 0x11a0  LanmanWorkstation - ok
14:08:17.0942 0x11a0  [ 8E4CA9AFD55EF6B509C80A8715ABF8C6, 45698605D17285D346D2052607AEF492EBD89E9625367C31584C7C84757EEFE0 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:08:18.0020 0x11a0  lirsgt - ok
14:08:18.0067 0x11a0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:08:18.0176 0x11a0  lltdio - ok
14:08:18.0207 0x11a0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:08:18.0332 0x11a0  lltdsvc - ok
14:08:18.0363 0x11a0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:08:18.0426 0x11a0  lmhosts - ok
14:08:18.0504 0x11a0  [ 5DCD36FC4A6ECBF6E7F9B3BF7E0D0F55, 265BDBC10CC256CB35F2BF5A9A25246D1859400087370A2B629783B9D3F7D0D4 ] LPDSVC          C:\Windows\system32\lpdsvc.dll
14:08:18.0597 0x11a0  LPDSVC - ok
14:08:18.0644 0x11a0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:08:18.0691 0x11a0  LSI_FC - ok
14:08:18.0707 0x11a0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:08:18.0722 0x11a0  LSI_SAS - ok
14:08:18.0738 0x11a0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:08:18.0753 0x11a0  LSI_SAS2 - ok
14:08:18.0785 0x11a0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:08:18.0800 0x11a0  LSI_SCSI - ok
14:08:18.0847 0x11a0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:08:18.0909 0x11a0  luafv - ok
14:08:18.0956 0x11a0  massfilter - ok
14:08:19.0034 0x11a0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:08:19.0081 0x11a0  Mcx2Svc - ok
14:08:19.0097 0x11a0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:08:19.0128 0x11a0  megasas - ok
14:08:19.0175 0x11a0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:08:19.0206 0x11a0  MegaSR - ok
14:08:19.0299 0x11a0  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:08:19.0331 0x11a0  Microsoft Office Groove Audit Service - ok
14:08:19.0362 0x11a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:08:19.0440 0x11a0  MMCSS - ok
14:08:19.0549 0x11a0  [ 062A6449D8556B98BD9E1AE48D295E89, 057EACA8FC69A685E157FD361CD0ADB5E0FD7C7FE92B64650D24A0FD6652146B ] mod7700         C:\Windows\system32\DRIVERS\mod7700.sys
14:08:19.0643 0x11a0  mod7700 - ok
14:08:19.0674 0x11a0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:08:19.0736 0x11a0  Modem - ok
14:08:19.0814 0x11a0  [ 1862F31D3B42819F5F50EB2B9C1F37C5, 4D45BAF6177162D1E2A8B9F32AE7C429061119335D83AE34A6184DE7C34FDC9D ] MODRC           C:\Windows\system32\DRIVERS\modrc.sys
14:08:19.0845 0x11a0  MODRC - ok
14:08:19.0877 0x11a0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:08:19.0923 0x11a0  monitor - ok
14:08:20.0001 0x11a0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:08:20.0017 0x11a0  mouclass - ok
14:08:20.0064 0x11a0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:08:20.0111 0x11a0  mouhid - ok
14:08:20.0173 0x11a0  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:08:20.0204 0x11a0  mountmgr - ok
14:08:20.0313 0x11a0  [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:08:20.0345 0x11a0  MozillaMaintenance - ok
14:08:20.0454 0x11a0  [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:08:20.0501 0x11a0  MpFilter - ok
14:08:20.0563 0x11a0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:08:20.0594 0x11a0  mpio - ok
14:08:20.0641 0x11a0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:08:20.0688 0x11a0  mpsdrv - ok
14:08:20.0766 0x11a0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:08:20.0906 0x11a0  MpsSvc - ok
14:08:21.0000 0x11a0  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
14:08:21.0031 0x11a0  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
14:08:24.0167 0x11a0  Detect skipped due to KSN trusted
14:08:24.0167 0x11a0  MREMP50 - ok
14:08:24.0291 0x11a0  [ C2758DF79C83A0D12A5599A040CA1818, 236641D2AD596CDC53AE8407F7A7AA02719764CCC7E6D5C547F41FE7C1D67BB5 ] MREMP50a64      C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
14:08:24.0338 0x11a0  MREMP50a64 - ok
14:08:24.0338 0x11a0  MREMPR5 - ok
14:08:24.0354 0x11a0  MRENDIS5 - ok
14:08:24.0416 0x11a0  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
14:08:24.0447 0x11a0  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
14:08:27.0599 0x11a0  Detect skipped due to KSN trusted
14:08:27.0599 0x11a0  MRESP50 - ok
14:08:27.0645 0x11a0  [ 38BD5B32E0722752BE8465D2A6DA43D9, EE009F141D77A858C84B4294F4FF51ECA400D48B3AD735FAC99EEF4E3E00E9EE ] MRESP50a64      C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
14:08:27.0692 0x11a0  MRESP50a64 - ok
14:08:27.0755 0x11a0  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:08:27.0864 0x11a0  MRxDAV - ok
14:08:27.0926 0x11a0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:08:28.0020 0x11a0  mrxsmb - ok
14:08:28.0082 0x11a0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:08:28.0160 0x11a0  mrxsmb10 - ok
14:08:28.0191 0x11a0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:08:28.0238 0x11a0  mrxsmb20 - ok
14:08:28.0301 0x11a0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:08:28.0316 0x11a0  msahci - ok
14:08:28.0379 0x11a0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:08:28.0394 0x11a0  msdsm - ok
14:08:28.0425 0x11a0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:08:28.0488 0x11a0  MSDTC - ok
14:08:28.0550 0x11a0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:08:28.0628 0x11a0  Msfs - ok
14:08:28.0659 0x11a0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:08:28.0722 0x11a0  mshidkmdf - ok
14:08:28.0784 0x11a0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:08:28.0815 0x11a0  msisadrv - ok
14:08:28.0862 0x11a0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:08:28.0971 0x11a0  MSiSCSI - ok
14:08:28.0971 0x11a0  msiserver - ok
14:08:29.0003 0x11a0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:08:29.0096 0x11a0  MSKSSRV - ok
14:08:29.0190 0x11a0  [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:08:29.0221 0x11a0  MsMpSvc - ok
14:08:29.0252 0x11a0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:08:29.0315 0x11a0  MSPCLOCK - ok
14:08:29.0330 0x11a0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:08:29.0377 0x11a0  MSPQM - ok
14:08:29.0439 0x11a0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:08:29.0502 0x11a0  MsRPC - ok
14:08:29.0564 0x11a0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:08:29.0595 0x11a0  mssmbios - ok
14:08:29.0611 0x11a0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:08:29.0658 0x11a0  MSTEE - ok
14:08:29.0673 0x11a0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:08:29.0705 0x11a0  MTConfig - ok
14:08:29.0736 0x11a0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:08:29.0767 0x11a0  Mup - ok
14:08:29.0829 0x11a0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:08:29.0939 0x11a0  napagent - ok
14:08:30.0001 0x11a0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:08:30.0079 0x11a0  NativeWifiP - ok
14:08:30.0157 0x11a0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:08:30.0266 0x11a0  NDIS - ok
14:08:30.0282 0x11a0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:08:30.0344 0x11a0  NdisCap - ok
14:08:30.0375 0x11a0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:08:30.0453 0x11a0  NdisTapi - ok
14:08:30.0516 0x11a0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:08:30.0578 0x11a0  Ndisuio - ok
14:08:30.0625 0x11a0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:08:30.0719 0x11a0  NdisWan - ok
14:08:30.0781 0x11a0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:08:30.0875 0x11a0  NDProxy - ok
14:08:30.0953 0x11a0  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:08:30.0999 0x11a0  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
14:08:34.0182 0x11a0  Detect skipped due to KSN trusted
14:08:34.0182 0x11a0  Net Driver HPZ12 - ok
14:08:34.0260 0x11a0  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
14:08:34.0338 0x11a0  Netaapl - ok
14:08:34.0385 0x11a0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:08:34.0478 0x11a0  NetBIOS - ok
14:08:34.0541 0x11a0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:08:34.0634 0x11a0  NetBT - ok
14:08:34.0650 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
14:08:34.0665 0x11a0  Netlogon - ok
14:08:34.0712 0x11a0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:08:34.0821 0x11a0  Netman - ok
14:08:34.0962 0x11a0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:08:34.0977 0x11a0  NetMsmqActivator - ok
14:08:35.0009 0x11a0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:08:35.0040 0x11a0  NetPipeActivator - ok
14:08:35.0071 0x11a0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:08:35.0211 0x11a0  netprofm - ok
14:08:35.0243 0x11a0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:08:35.0274 0x11a0  NetTcpActivator - ok
14:08:35.0274 0x11a0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:08:35.0305 0x11a0  NetTcpPortSharing - ok
14:08:35.0601 0x11a0  [ 4D85A450EDEF10C38882182753A49AAE, FB6C2D91B2CF834315498BB31F931E2A49066A3158A588FD705F59628DF2F8FC ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
14:08:36.0007 0x11a0  NETw5s64 - ok
14:08:36.0491 0x11a0  [ 98CF53F7B23F77D082805D5DBBD99A4E, 84285D0192B945262F69FE902C76519741425BD7C674364D6E11F96D2BC38B10 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
14:08:37.0052 0x11a0  NETwNs64 - ok
14:08:37.0115 0x11a0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:08:37.0130 0x11a0  nfrd960 - ok
14:08:37.0224 0x11a0  [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:08:37.0271 0x11a0  NisDrv - ok
14:08:37.0333 0x11a0  [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:08:37.0364 0x11a0  NisSrv - ok
14:08:37.0442 0x11a0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:08:37.0520 0x11a0  NlaSvc - ok
14:08:37.0551 0x11a0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:08:37.0598 0x11a0  Npfs - ok
14:08:37.0629 0x11a0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:08:37.0692 0x11a0  nsi - ok
14:08:37.0723 0x11a0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:08:37.0785 0x11a0  nsiproxy - ok
14:08:37.0926 0x11a0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:08:38.0019 0x11a0  Ntfs - ok
14:08:38.0129 0x11a0  [ 6FD534EDE2905D3C3257CFDD881F9705, 4055EFA3B75D6E0CE5F8E6AAE7DC8856D757CDBD4BD0FB6690F8837364F207D9 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
14:08:38.0160 0x11a0  NTI IScheduleSvc - ok
14:08:38.0238 0x11a0  [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:08:38.0253 0x11a0  NTIBackupSvc - ok
14:08:38.0285 0x11a0  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:08:38.0300 0x11a0  NTIDrvr - ok
14:08:38.0331 0x11a0  [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:08:38.0363 0x11a0  NTISchedulerSvc - ok
14:08:38.0378 0x11a0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:08:38.0425 0x11a0  Null - ok
14:08:38.0487 0x11a0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:08:38.0519 0x11a0  nvraid - ok
14:08:38.0581 0x11a0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:08:38.0597 0x11a0  nvstor - ok
14:08:38.0675 0x11a0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:08:38.0706 0x11a0  nv_agp - ok
14:08:38.0815 0x11a0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:08:38.0877 0x11a0  odserv - ok
14:08:38.0940 0x11a0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:08:38.0971 0x11a0  ohci1394 - ok
14:08:39.0096 0x11a0  [ 2BA1E814DCBCDB16CDA4B18A0417F88F, 1A9D41092395786B94926652A4C0E36AFD35CB840D086999339410079451636E ] OpenVPNService  C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
14:08:39.0174 0x11a0  OpenVPNService - ok
14:08:39.0236 0x11a0  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:08:39.0267 0x11a0  ose - ok
14:08:39.0579 0x11a0  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:08:39.0845 0x11a0  osppsvc - ok
14:08:39.0923 0x11a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:08:40.0032 0x11a0  p2pimsvc - ok
14:08:40.0079 0x11a0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:08:40.0157 0x11a0  p2psvc - ok
14:08:40.0203 0x11a0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:08:40.0266 0x11a0  Parport - ok
14:08:40.0328 0x11a0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:08:40.0359 0x11a0  partmgr - ok
14:08:40.0406 0x11a0  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:08:40.0469 0x11a0  PcaSvc - ok
14:08:40.0547 0x11a0  [ 0CA8EC66D00C75BA5009FDE8BD6F45DC, E39BE29DF975FDD6FDFBBA989479CCCAD8E6E63A7CAEA37D63DD511F6B44E1A3 ] pcCMService64   C:\Program Files\Common Files\Motive\pcCMService.exe
14:08:40.0625 0x11a0  pcCMService64 - detected UnsignedFile.Multi.Generic ( 1 )
14:08:43.0745 0x11a0  Detect skipped due to KSN trusted
14:08:43.0745 0x11a0  pcCMService64 - ok
14:08:43.0760 0x11a0  pccsmcfd - ok
14:08:43.0776 0x11a0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:08:43.0807 0x11a0  pci - ok
14:08:43.0869 0x11a0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:08:43.0901 0x11a0  pciide - ok
14:08:43.0947 0x11a0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:08:43.0963 0x11a0  pcmcia - ok
14:08:44.0025 0x11a0  [ 1458F126F56A71673DE7EE968061E7BE, 173E7809A02BA874A99DC5FF4C1278DE70C2F1464E7963C18FCCFA2D452A8A5B ] pcServiceHost   C:\Program Files\Common Files\Motive\pcServiceHost.exe
14:08:44.0088 0x11a0  pcServiceHost - detected UnsignedFile.Multi.Generic ( 1 )
14:08:47.0177 0x11a0  Detect skipped due to KSN trusted
14:08:47.0177 0x11a0  pcServiceHost - ok
14:08:47.0239 0x11a0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:08:47.0270 0x11a0  pcw - ok
14:08:47.0348 0x11a0  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:08:47.0457 0x11a0  PEAUTH - ok
14:08:47.0567 0x11a0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:08:47.0629 0x11a0  PerfHost - ok
14:08:47.0738 0x11a0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:08:47.0910 0x11a0  pla - ok
14:08:48.0019 0x11a0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:08:48.0113 0x11a0  PlugPlay - ok
14:08:48.0175 0x11a0  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:08:48.0222 0x11a0  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
14:08:51.0405 0x11a0  Detect skipped due to KSN trusted
14:08:51.0405 0x11a0  Pml Driver HPZ12 - ok
14:08:51.0452 0x11a0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:08:51.0546 0x11a0  PNRPAutoReg - ok
14:08:51.0577 0x11a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:08:51.0608 0x11a0  PNRPsvc - ok
14:08:51.0670 0x11a0  [ 4F0878FD62D5F7444C5F1C4C66D9D293, B381217D6202C06EE992EBDE061FA20376FF71F698022D0A80168CCD1059453C ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:08:51.0686 0x11a0  Point64 - ok
14:08:51.0764 0x11a0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:08:51.0858 0x11a0  PolicyAgent - ok
14:08:51.0889 0x11a0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:08:51.0967 0x11a0  Power - ok
14:08:52.0029 0x11a0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:08:52.0076 0x11a0  PptpMiniport - ok
14:08:52.0107 0x11a0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:08:52.0138 0x11a0  Processor - ok
14:08:52.0201 0x11a0  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:08:52.0357 0x11a0  ProfSvc - ok
14:08:52.0404 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:08:52.0435 0x11a0  ProtectedStorage - ok
14:08:52.0497 0x11a0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:08:52.0560 0x11a0  Psched - ok
14:08:52.0638 0x11a0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:08:52.0747 0x11a0  ql2300 - ok
14:08:52.0762 0x11a0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:08:52.0778 0x11a0  ql40xx - ok
14:08:52.0825 0x11a0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:08:52.0887 0x11a0  QWAVE - ok
14:08:52.0903 0x11a0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:08:52.0934 0x11a0  QWAVEdrv - ok
14:08:52.0950 0x11a0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:08:53.0012 0x11a0  RasAcd - ok
14:08:53.0059 0x11a0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:08:53.0121 0x11a0  RasAgileVpn - ok
14:08:53.0137 0x11a0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:08:53.0199 0x11a0  RasAuto - ok
14:08:53.0246 0x11a0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:08:53.0355 0x11a0  Rasl2tp - ok
14:08:53.0433 0x11a0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:08:53.0527 0x11a0  RasMan - ok
14:08:53.0574 0x11a0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:08:53.0636 0x11a0  RasPppoe - ok
14:08:53.0667 0x11a0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:08:53.0731 0x11a0  RasSstp - ok
14:08:53.0809 0x11a0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:08:53.0902 0x11a0  rdbss - ok
14:08:53.0933 0x11a0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:08:53.0980 0x11a0  rdpbus - ok
14:08:54.0011 0x11a0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:08:54.0074 0x11a0  RDPCDD - ok
14:08:54.0121 0x11a0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:08:54.0183 0x11a0  RDPENCDD - ok
14:08:54.0214 0x11a0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:08:54.0245 0x11a0  RDPREFMP - ok
14:08:54.0370 0x11a0  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:08:54.0464 0x11a0  RdpVideoMiniport - ok
14:08:54.0526 0x11a0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:08:54.0573 0x11a0  RDPWD - ok
14:08:54.0651 0x11a0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:08:54.0667 0x11a0  rdyboost - ok
14:08:54.0698 0x11a0  RegKill - ok
14:08:54.0729 0x11a0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:08:54.0776 0x11a0  RemoteAccess - ok
14:08:54.0823 0x11a0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:08:54.0947 0x11a0  RemoteRegistry - ok
14:08:55.0010 0x11a0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:08:55.0025 0x11a0  RFCOMM - ok
14:08:55.0072 0x11a0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:08:55.0135 0x11a0  RpcEptMapper - ok
14:08:55.0166 0x11a0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:08:55.0197 0x11a0  RpcLocator - ok
14:08:55.0275 0x11a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:08:55.0337 0x11a0  RpcSs - ok
14:08:55.0384 0x11a0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:08:55.0462 0x11a0  rspndr - ok
14:08:55.0509 0x11a0  [ 2DB8116D52B19216812C4E6D5D837810, 00A524FF80DE69B6B6CA767C90723E833891C006AB43E65A1F6F14C38B8F2427 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:08:55.0603 0x11a0  RSUSBSTOR - ok
14:08:55.0618 0x11a0  RtsUIR - ok
14:08:55.0649 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
14:08:55.0665 0x11a0  SamSs - ok
14:08:55.0727 0x11a0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:08:55.0743 0x11a0  sbp2port - ok
14:08:55.0805 0x11a0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:08:55.0883 0x11a0  SCardSvr - ok
14:08:55.0946 0x11a0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:08:56.0008 0x11a0  scfilter - ok
14:08:56.0102 0x11a0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:08:56.0211 0x11a0  Schedule - ok
14:08:56.0273 0x11a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:08:56.0320 0x11a0  SCPolicySvc - ok
14:08:56.0367 0x11a0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:08:56.0445 0x11a0  SDRSVC - ok
14:08:56.0476 0x11a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:08:56.0554 0x11a0  secdrv - ok
14:08:56.0601 0x11a0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:08:56.0648 0x11a0  seclogon - ok
14:08:56.0679 0x11a0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
14:08:56.0741 0x11a0  SENS - ok
14:08:56.0773 0x11a0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:08:56.0835 0x11a0  SensrSvc - ok
14:08:56.0882 0x11a0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:08:56.0929 0x11a0  Serenum - ok
14:08:56.0975 0x11a0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:08:57.0007 0x11a0  Serial - ok
14:08:57.0085 0x11a0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:08:57.0131 0x11a0  sermouse - ok
14:08:57.0194 0x11a0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:08:57.0256 0x11a0  SessionEnv - ok
14:08:57.0319 0x11a0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:08:57.0350 0x11a0  sffdisk - ok
14:08:57.0381 0x11a0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:08:57.0428 0x11a0  sffp_mmc - ok
14:08:57.0459 0x11a0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:08:57.0506 0x11a0  sffp_sd - ok
14:08:57.0553 0x11a0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:08:57.0599 0x11a0  sfloppy - ok
14:08:57.0677 0x11a0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:08:57.0802 0x11a0  SharedAccess - ok
14:08:57.0880 0x11a0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:08:57.0958 0x11a0  ShellHWDetection - ok
14:08:57.0989 0x11a0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:08:58.0005 0x11a0  SiSRaid2 - ok
14:08:58.0036 0x11a0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:08:58.0067 0x11a0  SiSRaid4 - ok
14:08:58.0192 0x11a0  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:08:58.0223 0x11a0  SkypeUpdate - ok
14:08:58.0286 0x11a0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:08:58.0364 0x11a0  Smb - ok
14:08:58.0426 0x11a0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:08:58.0489 0x11a0  SNMPTRAP - ok
14:08:58.0535 0x11a0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:08:58.0551 0x11a0  spldr - ok
14:08:58.0645 0x11a0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:08:58.0738 0x11a0  Spooler - ok
14:08:58.0941 0x11a0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:08:59.0159 0x11a0  sppsvc - ok
14:08:59.0206 0x11a0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:08:59.0300 0x11a0  sppuinotify - ok
14:08:59.0378 0x11a0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:08:59.0487 0x11a0  srv - ok
14:08:59.0549 0x11a0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:08:59.0627 0x11a0  srv2 - ok
14:08:59.0690 0x11a0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:08:59.0721 0x11a0  srvnet - ok
14:08:59.0830 0x11a0  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
14:08:59.0939 0x11a0  ssadbus - ok
14:09:00.0002 0x11a0  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:09:00.0127 0x11a0  ssadmdfl - ok
14:09:00.0205 0x11a0  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
14:09:00.0251 0x11a0  ssadmdm - ok
14:09:00.0298 0x11a0  [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
14:09:00.0361 0x11a0  ssadserd - ok
14:09:00.0407 0x11a0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:09:00.0470 0x11a0  SSDPSRV - ok
14:09:00.0517 0x11a0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:09:00.0579 0x11a0  SstpSvc - ok
14:09:00.0673 0x11a0  StarOpen - ok
14:09:00.0782 0x11a0  [ DB0768632C680B7C0D3AA92D80416893, BEC3CF4F1CB150AC7C4647DD7C0D5D62B10824308E44467CD77CA3427A46FB20 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:09:00.0829 0x11a0  Steam Client Service - ok
14:09:00.0860 0x11a0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:09:00.0891 0x11a0  stexstor - ok
14:09:00.0953 0x11a0  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:09:01.0016 0x11a0  StillCam - ok
14:09:01.0109 0x11a0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:09:01.0203 0x11a0  stisvc - ok
14:09:01.0250 0x11a0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:09:01.0281 0x11a0  swenum - ok
14:09:01.0343 0x11a0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:09:01.0453 0x11a0  swprv - ok
14:09:01.0952 0x11a0  [ BA7DBDCE2373EFAC4EF9EB1DEE273E45, 789D71DFCDE94F289F78464E4EE28E7C55E29E145C69BF733032A2B7F190DD60 ] SyncedTool      C:\Program Files (x86)\Filecloud\bin\agent_service.exe
14:09:02.0186 0x11a0  SyncedTool - ok
14:09:02.0295 0x11a0  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:09:02.0373 0x11a0  SynTP - ok
14:09:02.0498 0x11a0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:09:02.0669 0x11a0  SysMain - ok
14:09:02.0732 0x11a0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:02.0825 0x11a0  TabletInputService - ok
14:09:02.0903 0x11a0  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
14:09:02.0966 0x11a0  tap0901 - ok
14:09:03.0028 0x11a0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:09:03.0106 0x11a0  TapiSrv - ok
14:09:03.0137 0x11a0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:09:03.0184 0x11a0  TBS - ok
14:09:03.0325 0x11a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:09:03.0418 0x11a0  Tcpip - ok
14:09:03.0512 0x11a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:09:03.0574 0x11a0  TCPIP6 - ok
14:09:03.0652 0x11a0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:09:03.0668 0x11a0  tcpipreg - ok
14:09:03.0699 0x11a0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:09:03.0730 0x11a0  TDPIPE - ok
14:09:03.0808 0x11a0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:09:03.0824 0x11a0  TDTCP - ok
14:09:03.0902 0x11a0  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:09:03.0949 0x11a0  tdx - ok
14:09:04.0011 0x11a0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:09:04.0027 0x11a0  TermDD - ok
14:09:04.0105 0x11a0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
14:09:04.0229 0x11a0  TermService - ok
14:09:04.0276 0x11a0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:09:04.0307 0x11a0  Themes - ok
14:09:04.0339 0x11a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:09:04.0385 0x11a0  THREADORDER - ok
14:09:04.0432 0x11a0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:09:04.0495 0x11a0  TrkWks - ok
14:09:04.0573 0x11a0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:04.0635 0x11a0  TrustedInstaller - ok
14:09:04.0713 0x11a0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:04.0760 0x11a0  tssecsrv - ok
14:09:04.0853 0x11a0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:09:04.0916 0x11a0  TsUsbFlt - ok
14:09:05.0009 0x11a0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:09:05.0087 0x11a0  tunnel - ok
14:09:05.0134 0x11a0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:09:05.0150 0x11a0  uagp35 - ok
14:09:05.0212 0x11a0  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:09:05.0228 0x11a0  UBHelper - ok
14:09:05.0306 0x11a0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:09:05.0369 0x11a0  udfs - ok
14:09:05.0432 0x11a0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:09:05.0494 0x11a0  UI0Detect - ok
14:09:05.0525 0x11a0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:09:05.0556 0x11a0  uliagpkx - ok
14:09:05.0619 0x11a0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:09:05.0666 0x11a0  umbus - ok
14:09:05.0744 0x11a0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:09:05.0790 0x11a0  UmPass - ok
14:09:05.0946 0x11a0  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:09:05.0962 0x11a0  Updater Service - ok
14:09:06.0009 0x11a0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:09:06.0102 0x11a0  upnphost - ok
14:09:06.0134 0x11a0  upperdev - ok
14:09:06.0196 0x11a0  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:09:07.0740 0x11a0  USBAAPL64 - ok
14:09:07.0850 0x11a0  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:09:07.0881 0x11a0  usbaudio - ok
14:09:07.0928 0x11a0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:08.0006 0x11a0  usbccgp - ok
14:09:08.0021 0x11a0  USBCCID - ok
14:09:08.0099 0x11a0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:09:08.0193 0x11a0  usbcir - ok
14:09:08.0224 0x11a0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:09:08.0271 0x11a0  usbehci - ok
14:09:08.0349 0x11a0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:09:08.0442 0x11a0  usbhub - ok
14:09:08.0474 0x11a0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:09:08.0505 0x11a0  usbohci - ok
14:09:08.0536 0x11a0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:09:08.0598 0x11a0  usbprint - ok
14:09:08.0661 0x11a0  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
14:09:08.0739 0x11a0  usbscan - ok
14:09:08.0833 0x11a0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:08.0896 0x11a0  USBSTOR - ok
14:09:08.0927 0x11a0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:09:08.0974 0x11a0  usbuhci - ok
14:09:09.0052 0x11a0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:09:09.0130 0x11a0  usbvideo - ok
14:09:09.0161 0x11a0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:09:09.0223 0x11a0  UxSms - ok
14:09:09.0255 0x11a0  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
14:09:09.0286 0x11a0  VaultSvc - ok
14:09:09.0333 0x11a0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:09:09.0364 0x11a0  vdrvroot - ok
14:09:09.0442 0x11a0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:09:09.0551 0x11a0  vds - ok
14:09:09.0567 0x11a0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:09.0582 0x11a0  vga - ok
14:09:09.0613 0x11a0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:09:09.0660 0x11a0  VgaSave - ok
14:09:09.0723 0x11a0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:09:09.0754 0x11a0  vhdmp - ok
14:09:09.0816 0x11a0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:09:09.0847 0x11a0  viaide - ok
14:09:09.0863 0x11a0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:09:09.0879 0x11a0  volmgr - ok
14:09:09.0972 0x11a0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:09:10.0019 0x11a0  volmgrx - ok
14:09:10.0050 0x11a0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:09:10.0081 0x11a0  volsnap - ok
14:09:10.0113 0x11a0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:09:10.0144 0x11a0  vsmraid - ok
14:09:10.0269 0x11a0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:09:10.0425 0x11a0  VSS - ok
14:09:10.0440 0x11a0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:09:10.0471 0x11a0  vwifibus - ok
14:09:10.0487 0x11a0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:09:10.0503 0x11a0  vwififlt - ok
14:09:10.0534 0x11a0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:09:10.0581 0x11a0  vwifimp - ok
14:09:10.0643 0x11a0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:09:10.0752 0x11a0  W32Time - ok
14:09:10.0799 0x11a0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:09:10.0846 0x11a0  WacomPen - ok
14:09:10.0908 0x11a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:09:10.0955 0x11a0  WANARP - ok
14:09:10.0971 0x11a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:09:11.0017 0x11a0  Wanarpv6 - ok
14:09:11.0142 0x11a0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:09:11.0251 0x11a0  WatAdminSvc - ok
14:09:11.0392 0x11a0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:09:11.0595 0x11a0  wbengine - ok
14:09:11.0657 0x11a0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:09:11.0735 0x11a0  WbioSrvc - ok
14:09:11.0797 0x11a0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:09:11.0891 0x11a0  wcncsvc - ok
14:09:11.0922 0x11a0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:09:11.0969 0x11a0  WcsPlugInService - ok
14:09:12.0000 0x11a0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:09:12.0016 0x11a0  Wd - ok
14:09:12.0125 0x11a0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:09:12.0203 0x11a0  Wdf01000 - ok
14:09:12.0281 0x11a0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:09:12.0328 0x11a0  WdiServiceHost - ok
14:09:12.0343 0x11a0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:09:12.0359 0x11a0  WdiSystemHost - ok
14:09:12.0437 0x11a0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:09:12.0546 0x11a0  WebClient - ok
14:09:12.0609 0x11a0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:09:12.0687 0x11a0  Wecsvc - ok
14:09:12.0702 0x11a0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:09:12.0765 0x11a0  wercplsupport - ok
14:09:12.0796 0x11a0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:09:12.0843 0x11a0  WerSvc - ok
14:09:12.0874 0x11a0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:12.0921 0x11a0  WfpLwf - ok
14:09:12.0936 0x11a0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:09:12.0952 0x11a0  WIMMount - ok
14:09:12.0983 0x11a0  WinDefend - ok
14:09:12.0999 0x11a0  WinHttpAutoProxySvc - ok
14:09:13.0092 0x11a0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:09:13.0155 0x11a0  Winmgmt - ok
14:09:13.0311 0x11a0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:09:13.0498 0x11a0  WinRM - ok
14:09:13.0592 0x11a0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:09:13.0638 0x11a0  WinUsb - ok
14:09:13.0716 0x11a0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:09:13.0857 0x11a0  Wlansvc - ok
14:09:14.0138 0x11a0  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:09:14.0200 0x11a0  wlidsvc - ok
14:09:14.0294 0x11a0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:09:14.0340 0x11a0  WmiAcpi - ok
14:09:14.0387 0x11a0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:09:14.0403 0x11a0  wmiApSrv - ok
14:09:14.0481 0x11a0  WMPNetworkSvc - ok
14:09:14.0512 0x11a0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:09:14.0574 0x11a0  WPCSvc - ok
14:09:14.0652 0x11a0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:09:14.0684 0x11a0  WPDBusEnum - ok
14:09:14.0730 0x11a0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:09:14.0808 0x11a0  ws2ifsl - ok
14:09:14.0840 0x11a0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
14:09:14.0902 0x11a0  wscsvc - ok
14:09:14.0964 0x11a0  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:09:15.0042 0x11a0  WSDPrintDevice - ok
14:09:15.0136 0x11a0  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
14:09:15.0198 0x11a0  WSDScan - ok
14:09:15.0261 0x11a0  WSearch - ok
14:09:15.0464 0x11a0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:09:15.0604 0x11a0  wuauserv - ok
14:09:15.0666 0x11a0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:09:15.0760 0x11a0  WudfPf - ok
14:09:15.0822 0x11a0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:09:15.0916 0x11a0  WUDFRd - ok
14:09:16.0010 0x11a0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:09:16.0088 0x11a0  wudfsvc - ok
14:09:16.0166 0x11a0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:09:16.0259 0x11a0  WwanSvc - ok
14:09:16.0290 0x11a0  ZTEusbmdm6k - ok
14:09:16.0290 0x11a0  ZTEusbnmea - ok
14:09:16.0322 0x11a0  ZTEusbser6k - ok
14:09:16.0431 0x11a0  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
14:09:16.0462 0x11a0  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
14:09:16.0524 0x11a0  ================ Scan global ===============================
14:09:16.0540 0x11a0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:09:16.0602 0x11a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:09:16.0634 0x11a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:09:16.0665 0x11a0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:09:16.0696 0x11a0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:09:16.0727 0x11a0  [ Global ] - ok
14:09:16.0727 0x11a0  ================ Scan MBR ==================================
14:09:16.0758 0x11a0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:09:17.0211 0x11a0  \Device\Harddisk0\DR0 - ok
14:09:17.0211 0x11a0  ================ Scan VBR ==================================
14:09:17.0226 0x11a0  [ D19E75605B72E7E5422E5A81ECB30E4D ] \Device\Harddisk0\DR0\Partition1
14:09:17.0226 0x11a0  \Device\Harddisk0\DR0\Partition1 - ok
14:09:17.0226 0x11a0  [ 402A08552B5030E7EED1FDFA75B69F3F ] \Device\Harddisk0\DR0\Partition2
14:09:17.0226 0x11a0  \Device\Harddisk0\DR0\Partition2 - ok
14:09:17.0226 0x11a0  ================ Scan generic autorun ======================
14:09:17.0289 0x11a0  [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
14:09:17.0320 0x11a0  IAAnotif - ok
14:09:17.0320 0x11a0  mwlDaemon - ok
14:09:17.0679 0x11a0  [ 901A91A3527F4F5212CF6B03C21DAD82, 246BF06652DEA48DCC486496587E08FCA3F45A0EDEFFAE13251514CE6C46ED4B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:09:17.0882 0x11a0  RtHDVCpl - ok
14:09:17.0913 0x11a0  SynTPEnh - ok
14:09:17.0944 0x11a0  [ 0D3DFFA8BA3E63592FC2C652CF3B0E9C, B5237E04006436F5C1A156D46BC0FC8F5FFFF049A04A66170FDF934A971F512E ] C:\Windows\PLFSetI.exe
14:09:17.0944 0x11a0  PLFSetI - detected UnsignedFile.Multi.Generic ( 1 )
14:09:21.0064 0x11a0  Detect skipped due to KSN trusted
14:09:21.0064 0x11a0  PLFSetI - ok
14:09:21.0173 0x11a0  [ E64270B5DB7218E60AD62ED0C52E3A09, E9CC0CA9A19868C34EC782FA9F45617DB81C791393BED68EBF8E38BE2C27F8FA ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
14:09:21.0204 0x11a0  Acer ePower Management - ok
14:09:21.0407 0x11a0  [ 5B72629C8144D1A96490D4C090D28DA1, 114891B9E7E05D2B86C8E3CD7B4096088491E338C3B1902F9352D40B47DD418C ] c:\Program Files\Microsoft IntelliPoint\ipoint.exe
14:09:21.0470 0x11a0  IntelliPoint - ok
14:09:21.0641 0x11a0  [ 705677A1FD2006CF00D066BF87DE96FF, C4768859290D3486E7BF7C2D1525C99DDF85CB97ECF7D13386E391E531F4A1DB ] C:\Program Files\tcnz\pcTrayApp.exe
14:09:21.0782 0x11a0  tcnz_McciTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
14:09:27.0912 0x11a0  Detect skipped due to KSN trusted
14:09:27.0912 0x11a0  tcnz_McciTrayApp - ok
14:09:28.0053 0x11a0  [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
14:09:28.0100 0x11a0  MSC - ok
14:09:28.0146 0x11a0  [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
14:09:28.0162 0x11a0  iTunesHelper - ok
14:09:28.0256 0x11a0  [ BCDFB6FAFD26A7FD8BF907E27F51B7A3, F136E13D2C94D3BAE9333C8F99D8A55719C7D1050702DDE491F0AA88C3E27375 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
14:09:28.0271 0x11a0  BackupManagerTray - ok
14:09:28.0380 0x11a0  [ 56D1890D74A8999F756E338210846AF1, 9A5F771B4665D3735B04DD5FBDCED18B1BE99CD97AD4F92B3835CC51E3F5E191 ] C:\Program Files (x86)\Launch Manager\LManager.exe
14:09:28.0427 0x11a0  LManager - ok
14:09:28.0474 0x11a0  [ D93B31DAEF7F116CE8192E266D557912, 60A42914D537CD6EA523F772D131C9EF9534E00628C4C9B8DDF9FBDD9ADD3319 ] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
14:09:28.0505 0x11a0  ArcadeDeluxeAgent - ok
14:09:28.0552 0x11a0  [ 7D9EDDB07E9EB30D399E630D94DFBCC7, 7D21E54DEA5B5A2B0FDE06E639427FFD071F9BE3C8BC62FC1AE4CD0173DDCC93 ] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
14:09:28.0568 0x11a0  PlayMovie - ok
14:09:28.0646 0x11a0  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
14:09:28.0677 0x11a0  GrooveMonitor - ok
14:09:28.0786 0x11a0  [ 3FBBF6092C4EF5F50302707063E853EF, 70BF8FCDE0A793A66ACB65FA8C2B8C5872C3167DA95D6232A2520628F3768913 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
14:09:28.0817 0x11a0  AppleSyncNotifier - ok
14:09:28.0880 0x11a0  [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:09:28.0895 0x11a0  APSDaemon - ok
14:09:29.0020 0x11a0  [ 38D8776F8EC474667A939B2309F9C75F, C4FE2B6E26407D1945E15468EA87AA1196D7F30A9F8A33BBD8BABEB806F5428B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
14:09:29.0098 0x11a0  StartCCC - ok
14:09:29.0098 0x11a0  AMD AVT - ok
14:09:29.0394 0x11a0  [ 938FA6F63B210FB8EF5A7B2FC1229431, 545DDA9C32DF14B50688F8192A345FE66D2DB3F8763ECBF85B38AC829E49E1D9 ] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
14:09:29.0550 0x11a0  AvastUI.exe - ok
14:09:29.0597 0x11a0  [ 56193BCE4DFD8879AEDEB26B71A0A583, F4DA975054B885F8B74819D830BCBFE2EFF53D3461CB09775BEA1127DBEB86DB ] C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe
14:09:29.0613 0x11a0  RegKillElbyCheck - detected UnsignedFile.Multi.Generic ( 1 )
14:09:32.0733 0x11a0  Detect skipped due to KSN trusted
14:09:32.0733 0x11a0  RegKillElbyCheck - ok
14:09:32.0764 0x11a0  [ D7A308808A2AB81B0FB21D31D27994FE, 564883317D3F3137C856FE6D7B298BB105EA9F143D0928EBE19353F41442345F ] C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
14:09:32.0811 0x11a0  RegKillTray - detected UnsignedFile.Multi.Generic ( 1 )
14:09:38.0942 0x11a0  Detect skipped due to KSN trusted
14:09:38.0942 0x11a0  RegKillTray - ok
14:09:39.0066 0x11a0  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
14:09:39.0098 0x11a0  HP Software Update - ok
14:09:39.0300 0x11a0  [ 9F1121525EA1FF13F78AABD9157F3AF9, A955D6EF3CFD26CE57C7A3F3B7D6E96A804A32A5C5CD9AC42B4EAE7C30C4D8A7 ] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
14:09:39.0363 0x11a0  Remote Control Editor - ok
14:09:39.0425 0x11a0  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
14:09:39.0456 0x11a0  iCloudServices - ok
14:09:39.0456 0x11a0  Waiting for KSN requests completion. In queue: 179
14:09:40.0470 0x11a0  Waiting for KSN requests completion. In queue: 179
14:09:41.0484 0x11a0  Waiting for KSN requests completion. In queue: 179
14:09:42.0498 0x11a0  Waiting for KSN requests completion. In queue: 179
14:09:43.0512 0x11a0  Waiting for KSN requests completion. In queue: 176
14:09:44.0558 0x11a0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
14:09:44.0604 0x11a0  AV detected via SS2: avast! Antivirus, C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
14:09:44.0604 0x11a0  Win FW state via NFP2: enabled
14:09:47.0740 0x11a0  ============================================================
14:09:47.0740 0x11a0  Scan finished
14:09:47.0740 0x11a0  ============================================================
14:09:47.0740 0x05c4  Detected object count: 0
14:09:47.0740 0x05c4  Actual detected object count: 0
14:41:39.0211 0x0794  Deinitialize success
         
Best regards

Kermit


Alt 26.03.2015, 17:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 27.03.2015, 01:04   #7
Kermit1973
 



Hello Schrauber,

here is the ComboFix log...

Code:
ATTFilter
ComboFix 15-03-25.01 - Heiko 27.03.2015  12:10:35.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2446 [GMT 13:00]
ausgeführt von:: c:\users\Heiko\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-26 bis 2015-03-26  ))))))))))))))))))))))))))))))
.
.
2015-03-26 23:23 . 2015-03-26 23:23	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-03-26 11:33 . 2015-03-26 11:33	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77449F94-0B5E-4AAA-94AE-547EDDD64B79}\offreg.dll
2015-03-25 23:58 . 2015-03-25 23:53	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69B1A062-88AE-4CF2-87C4-0AB487109FC4}\gapaengine.dll
2015-03-25 23:53 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77449F94-0B5E-4AAA-94AE-547EDDD64B79}\mpengine.dll
2015-03-25 23:46 . 2015-03-26 01:03	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-24 09:01 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-24 08:41 . 2015-03-24 08:43	--------	d-----w-	C:\FRST
2015-03-23 07:52 . 2015-03-23 07:52	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-23 07:52 . 2015-03-23 07:52	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-23 07:26 . 2015-03-23 07:27	--------	d-----w-	c:\users\Heiko\AppData\Local\Opera Software
2015-03-23 07:26 . 2015-03-23 07:27	--------	d-----w-	c:\users\Heiko\AppData\Roaming\Opera Software
2015-03-23 07:23 . 2015-03-23 07:27	--------	d-----w-	c:\program files (x86)\Opera
2015-03-20 21:43 . 2015-03-20 21:43	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-03-20 21:43 . 2015-03-20 21:43	43112	----a-w-	c:\windows\avastSS.scr
2015-03-17 02:46 . 2015-03-23 10:47	--------	d-----w-	C:\AdwCleaner
2015-03-16 20:48 . 2004-03-08 11:00	440352	----a-w-	c:\windows\SysWow64\MSHFLXGD.OCX
2015-03-16 20:35 . 2015-01-17 02:48	1067520	----a-w-	c:\windows\system32\msctf.dll
2015-03-16 20:35 . 2015-01-17 02:30	828928	----a-w-	c:\windows\SysWow64\msctf.dll
2015-03-16 20:33 . 2015-02-03 03:12	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-03-16 20:32 . 2015-02-03 03:34	693176	----a-w-	c:\windows\system32\winload.efi
2015-03-16 20:31 . 2015-02-03 03:12	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2015-03-16 20:30 . 2015-02-03 03:30	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-03-16 20:22 . 2015-03-06 05:42	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-16 20:21 . 2015-03-06 05:10	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-16 20:21 . 2015-03-06 05:42	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-16 20:21 . 2015-03-06 05:10	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-16 20:21 . 2015-03-06 05:09	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-16 20:21 . 2015-03-06 05:36	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-16 20:21 . 2015-03-06 05:06	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-03-16 20:21 . 2015-03-06 05:07	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-16 20:21 . 2015-03-06 05:38	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-16 20:21 . 2015-03-06 05:39	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-16 20:21 . 2015-03-06 05:07	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-16 20:17 . 2015-02-03 03:31	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-16 20:17 . 2015-02-03 03:12	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-03-16 20:17 . 2015-02-20 03:29	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-03-16 20:16 . 2015-02-20 03:09	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-03-16 20:16 . 2015-02-20 04:41	41984	----a-w-	c:\windows\system32\lpk.dll
2015-03-16 20:16 . 2015-02-20 04:40	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-03-16 20:16 . 2015-02-20 04:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-03-16 20:16 . 2015-02-20 04:40	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-03-16 20:16 . 2015-02-20 04:13	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-03-16 20:16 . 2015-02-20 04:40	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-03-16 20:16 . 2015-02-20 04:13	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-03-16 20:16 . 2015-02-20 04:12	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-03-16 20:16 . 2015-02-13 05:22	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-03-16 20:13 . 2015-02-03 03:31	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-03-16 20:13 . 2015-02-03 03:12	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-03-16 20:13 . 2015-01-31 03:48	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2015-03-16 20:13 . 2015-01-30 23:56	243200	----a-w-	c:\windows\system32\rdpudd.dll
2015-03-16 20:13 . 2015-01-31 03:48	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-16 20:12 . 2015-02-26 03:25	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-03-16 19:52 . 2015-02-04 03:16	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-16 19:52 . 2015-02-04 02:54	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-03-08 07:52 . 2015-03-08 07:52	--------	d-----w-	c:\program files (x86)\iTunes
2015-03-08 07:52 . 2015-03-08 07:52	--------	d-----w-	c:\program files\iPod
2015-03-08 07:52 . 2015-03-08 07:53	--------	d-----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 07:52 . 2015-03-08 07:53	--------	d-----w-	c:\program files\iTunes
2015-03-05 19:17 . 2015-03-05 19:17	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 23:46 . 2014-06-06 21:26	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-25 23:43 . 2014-06-06 21:25	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-20 21:43 . 2013-12-29 08:47	136752	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-03-20 21:43 . 2013-03-13 22:09	268640	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-03-20 21:43 . 2009-12-29 20:01	441728	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-03-20 21:43 . 2014-04-27 03:11	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-03-20 21:43 . 2013-03-13 22:09	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-03-20 21:43 . 2009-12-29 20:01	88408	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-03-20 21:43 . 2012-02-25 08:27	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-03-20 21:42 . 2011-03-13 18:00	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-03-16 21:11 . 2009-12-29 12:59	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-03 13:17 . 2009-12-29 12:58	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 02:29 . 2015-02-17 02:29	1247912	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-01-24 07:05 . 2014-11-18 23:42	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-09 03:14 . 2015-02-11 21:52	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 21:52	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 21:52	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 21:52	76800	----a-w-	c:\windows\SysWow64\wdi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-05-24 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-12 60712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-03-20 5511352]
"RegKillElbyCheck"="c:\program files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
.
c:\users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN39QCRG4M05RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Filecloud.lnk - c:\program files (x86)\Filecloud\bin\agent_gui.exe --config "c:\program files (x86)\Filecloud\conf\config.ini" [2014-6-26 7598264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HsspConfig;HSSP Configuration Module;c:\windows\system32\CfgSrvc.exe;c:\windows\SYSNATIVE\CfgSrvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MODRC;Cinergy DT USB XS Diversity IR Service;c:\windows\system32\DRIVERS\modrc.sys;c:\windows\SYSNATIVE\DRIVERS\modrc.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegKill;RegKill;c:\windows\system32\Drivers\RegKill.sys;c:\windows\SYSNATIVE\Drivers\RegKill.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/11/14 09:27];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl;c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
S2 SyncedTool;Filecloud Service;c:\program files (x86)\Filecloud\bin\agent_service.exe ;c:\program files (x86)\Filecloud\bin\agent_service.exe  [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 21:07	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 21:22]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 02:03	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 02:03	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 02:03	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-20 21:43	722400	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnchorOverlayAttention]
@="{40D1DAA7-9CB5-4DB7-8610-A814EDB003A5}"
[HKEY_CLASSES_ROOT\CLSID\{40D1DAA7-9CB5-4DB7-8610-A814EDB003A5}]
2015-02-26 18:44	4184248	----a-w-	c:\program files (x86)\Filecloud\bin\x64\anchoroverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnchorOverlayLockedSynced]
@="{5B05543A-73D8-4D80-97F9-13F471224DD8}"
[HKEY_CLASSES_ROOT\CLSID\{5B05543A-73D8-4D80-97F9-13F471224DD8}]
2015-02-26 18:44	4184248	----a-w-	c:\program files (x86)\Filecloud\bin\x64\anchoroverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnchorOverlayLockedSyncing]
@="{1C514AC9-A6B4-4692-A18E-9A2EE0B4E277}"
[HKEY_CLASSES_ROOT\CLSID\{1C514AC9-A6B4-4692-A18E-9A2EE0B4E277}]
2015-02-26 18:44	4184248	----a-w-	c:\program files (x86)\Filecloud\bin\x64\anchoroverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnchorOverlaySynced]
@="{56E89524-684C-4352-B350-F97A7377DD64}"
[HKEY_CLASSES_ROOT\CLSID\{56E89524-684C-4352-B350-F97A7377DD64}]
2015-02-26 18:44	4184248	----a-w-	c:\program files (x86)\Filecloud\bin\x64\anchoroverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnchorOverlaySyncing]
@="{C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D}"
[HKEY_CLASSES_ROOT\CLSID\{C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D}]
2015-02-26 18:44	4184248	----a-w-	c:\program files (x86)\Filecloud\bin\x64\anchoroverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-14 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"tcnz_McciTrayApp"="c:\program files\tcnz\pcTrayApp.exe" [2013-07-25 2782720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 1332296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-12 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.spiegel.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: agentware.net
Trusted Zone: rundumsorglos.net\mail
Trusted Zone: sabre.com
TCP: DhcpNameServer = 192.168.1.254 0.0.0.0
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} - hxxps://my.sabre.com/jars/TMinReqX.dll
FF - ProfilePath - c:\users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{23939489-8B41-45ec-90F3-BD36A9644006} - (no file)
ShellIconOverlayIdentifiers-{23939488-8B41-45ec-90F3-BD36A9644006} - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Open Systems Client - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\SecuROM\License information*]
"datasecu"=hex:c4,50,f1,5a,26,4a,68,6f,ea,47,94,2e,b0,09,0d,c3,65,b7,b2,40,e3,
   5c,e5,c6,ee,90,31,06,4d,74,b9,63,8d,4a,ad,4d,7e,a4,3a,09,4a,ba,b3,77,35,6d,\
"rkeysecu"=hex:15,6c,01,a7,f3,08,cc,a5,1f,4f,d9,17,3b,e9,80,0a
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-27  12:28:31
ComboFix-quarantined-files.txt  2015-03-26 23:28
.
Vor Suchlauf: 22 Verzeichnis(se), 34.074.013.696 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.853.222.912 Bytes frei
.
- - End Of File - - EA4A18DBE3CB481B34A9BFA15D6808C0
5C616939100B85E558DA92B899A0FC36
         
Best regards

Kermit

Alt 27.03.2015, 19:26   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 28.03.2015, 20:33   #9
Kermit1973
 



Hello Schrauber,

attached are the requested logs...

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.03.2015
Suchlauf-Zeit: 11:11:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.27.10
Rootkit Datenbank: v2015.03.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Heiko

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 530861
Verstrichene Zeit: 35 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Adwcleaner

Code:
# AdwCleaner v4.113 - Bericht erstellt 28/03/2015 um 13:47:06
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-27.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Heiko - HEIKO-NOTEBOOK
# Gestarted von : C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 de)


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [1225 Bytes] - [17/03/2015 15:46:36]
AdwCleaner[R1].txt - [1850 Bytes] - [23/03/2015 23:40:20]
AdwCleaner[R2].txt - [1070 Bytes] - [28/03/2015 11:50:32]
AdwCleaner[R3].txt - [1130 Bytes] - [28/03/2015 13:17:21]
AdwCleaner[S0].txt - [1457 Bytes] - [17/03/2015 18:55:31]
AdwCleaner[S1].txt - [1731 Bytes] - [23/03/2015 23:47:21]
AdwCleaner[S2].txt - [1053 Bytes] - [28/03/2015 13:47:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1112  Bytes] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Heiko on 28.03.2015 at 13:58:35,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Heiko\AppData\Roaming\flexnet"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2015 at 14:05:00,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heiko (administrator) on HEIKO-NOTEBOOK on 29-03-2015 08:28:37
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available profiles: Heiko & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_gui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-14] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-02] (Microsoft Corporation)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-06] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-28] (Elaborate Bytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-10] (Elgato Systems)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Filecloud.lnk
ShortcutTarget: Filecloud.lnk -> C:\Program Files (x86)\Filecloud\bin\agent_gui.exe (eFolder)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AnchorOverlayAttention] -> {40D1DAA7-9CB5-4DB7-8610-A814EDB003A5} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSynced] -> {5B05543A-73D8-4D80-97F9-13F471224DD8} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSyncing] -> {1C514AC9-A6B4-4692-A18E-9A2EE0B4E277} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySynced] -> {56E89524-684C-4352-B350-F97A7377DD64} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySyncing] -> {C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-25] (TerraTec Electronic GmbH)
DPF: HKLM-x32 {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-14]

Chrome: 
=======
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-15] (The OpenVPN Project)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SyncedTool; C:\Program Files (x86)\Filecloud\bin\agent_service.exe [8190648 2015-02-27] (eFolder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HsspConfig; C:\Windows\system32\CfgSrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-12-30] ()
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-30] (Elaborate Bytes AG) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-30] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-12-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-17] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-28] (Elaborate Bytes) [File not signed]
S3 StarOpen; No ImagePath
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:05 - 2015-03-28 14:05 - 00000814 _____ () C:\Users\Heiko\Desktop\JRT.txt
2015-03-28 13:56 - 2015-03-28 13:57 - 01388782 _____ (Thisisu) C:\Users\Heiko\Desktop\JRT.exe
2015-03-28 13:54 - 2015-03-28 13:54 - 00001192 _____ () C:\Users\Heiko\Desktop\AdwCleaner[S2].txt
2015-03-28 11:49 - 2015-03-28 11:49 - 00001207 _____ () C:\Users\Heiko\Desktop\mbam.txt
2015-03-28 11:07 - 2015-03-28 11:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Heiko\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 12:39 - 2015-03-27 12:39 - 00028301 _____ () C:\Users\Heiko\Desktop\combofix.txt
2015-03-27 12:28 - 2015-03-27 12:28 - 00028301 _____ () C:\ComboFix.txt
2015-03-27 12:06 - 2015-03-27 12:28 - 00000000 ____D () C:\Qoobox
2015-03-27 12:06 - 2011-06-26 19:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-27 12:06 - 2010-11-08 06:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-27 12:06 - 2009-04-20 17:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-27 11:58 - 2015-03-27 11:58 - 00276216 _____ () C:\Windows\Minidump\032715-36629-01.dmp
2015-03-27 11:55 - 2015-03-27 11:56 - 05615749 ____R (Swearware) C:\Users\Heiko\Desktop\ComboFix.exe
2015-03-26 14:05 - 2015-03-26 14:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Heiko\Desktop\tdsskiller.exe
2015-03-26 12:46 - 2015-03-26 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 12:43 - 2015-03-26 14:03 - 00000000 ____D () C:\Users\Heiko\Desktop\mbar
2015-03-26 12:40 - 2015-03-26 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heiko\Desktop\mbar-1.09.1.1004.exe
2015-03-24 21:59 - 2015-03-24 22:01 - 00003356 _____ () C:\Users\Heiko\Desktop\Anti malwarebyte1.txt
2015-03-24 21:58 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Desktop\gmer.txt
2015-03-24 21:57 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Documents\gmer.txt
2015-03-24 21:42 - 2015-03-24 21:43 - 00044339 _____ () C:\Users\Heiko\Desktop\Addition.txt
2015-03-24 21:41 - 2015-03-29 08:28 - 00027495 _____ () C:\Users\Heiko\Desktop\FRST.txt
2015-03-24 21:41 - 2015-03-29 08:28 - 00000000 ____D () C:\FRST
2015-03-24 21:40 - 2015-03-24 21:40 - 00000472 _____ () C:\Users\Heiko\Desktop\defogger_disable.log
2015-03-24 21:40 - 2015-03-24 21:40 - 00000000 _____ () C:\Users\Heiko\defogger_reenable
2015-03-24 21:38 - 2015-03-24 21:39 - 00380416 _____ () C:\Users\Heiko\Desktop\Gmer-19357.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 02095616 _____ (Farbar) C:\Users\Heiko\Desktop\FRST64.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 01135104 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2015-03-24 21:37 - 2015-03-24 21:37 - 00050477 _____ () C:\Users\Heiko\Desktop\Defogger.exe
2015-03-24 09:18 - 2015-03-24 09:20 - 00014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-24 00:02 - 2015-03-24 00:02 - 00276016 _____ () C:\Windows\Minidump\032415-22682-01.dmp
2015-03-23 20:56 - 2015-03-28 11:49 - 02168320 _____ () C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Opera Software
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Opera Software
2015-03-23 20:23 - 2015-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 10:43 - 2015-03-21 10:43 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-21 10:33 - 2015-03-21 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-17 15:46 - 2015-03-28 13:47 - 00000000 ____D () C:\AdwCleaner
2015-03-17 09:48 - 2004-03-09 00:00 - 00440352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFLXGD.OCX
2015-03-17 09:35 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-17 09:35 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-17 09:34 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-17 09:34 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-17 09:34 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-17 09:34 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-17 09:34 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-17 09:34 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-17 09:34 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-17 09:34 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-17 09:34 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-17 09:34 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-17 09:34 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-17 09:34 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-17 09:34 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-17 09:34 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-17 09:34 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-17 09:34 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-17 09:34 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-17 09:34 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-17 09:34 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-17 09:34 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-17 09:34 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-17 09:34 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-17 09:34 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-17 09:34 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-17 09:34 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-17 09:34 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-17 09:33 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-17 09:33 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-17 09:33 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-17 09:33 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-17 09:33 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-17 09:32 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-17 09:32 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-17 09:32 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-17 09:32 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-17 09:32 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-17 09:31 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-17 09:31 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-17 09:31 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-17 09:30 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-17 09:30 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-17 09:22 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-17 09:22 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-17 09:22 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-17 09:22 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-17 09:22 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-17 09:21 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-17 09:21 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-17 09:17 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-17 09:17 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-17 09:17 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-17 09:16 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-17 09:16 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-17 09:16 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-17 09:16 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-17 09:13 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-17 09:13 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-17 09:13 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-17 09:12 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-17 08:52 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-17 08:52 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 09:54 - 2015-03-13 09:54 - 00010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2015-03-08 20:53 - 2015-03-08 20:53 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-08 20:53 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\Program Files\iTunes
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files\iPod
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-06 08:17 - 2015-03-06 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 08:07 - 2014-01-08 10:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 07:58 - 2014-01-08 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 07:45 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 07:45 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 07:43 - 2009-11-14 21:24 - 01502971 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 07:37 - 2011-02-25 21:54 - 00126287 _____ () C:\Windows\setupact.log
2015-03-29 07:37 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 14:11 - 2009-11-15 06:13 - 00703476 _____ () C:\Windows\system32\perfh007.dat
2015-03-28 14:11 - 2009-11-15 06:13 - 00151084 _____ () C:\Windows\system32\perfc007.dat
2015-03-28 14:11 - 2009-07-14 18:13 - 01630508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 11:11 - 2014-06-07 10:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 11:10 - 2014-11-08 09:15 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-28 11:06 - 2015-02-12 18:24 - 00000050 _____ () C:\Windows\astplus.ini
2015-03-27 13:04 - 2014-02-06 09:40 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-27 12:40 - 2011-02-25 21:54 - 00258046 _____ () C:\Windows\PFRO.log
2015-03-27 12:23 - 2009-07-14 15:34 - 00000292 _____ () C:\Windows\system.ini
2015-03-27 11:58 - 2015-01-29 18:08 - 645570586 _____ () C:\Windows\MEMORY.DMP
2015-03-27 11:58 - 2011-11-29 23:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 11:57 - 2014-02-03 23:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 12:32 - 2009-10-29 06:36 - 00000000 ____D () C:\Windows\oem
2015-03-24 21:40 - 2009-12-30 01:44 - 00000000 ____D () C:\Users\Heiko
2015-03-24 21:29 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\BitTorrent
2015-03-24 09:21 - 2014-11-19 15:35 - 00000000 ____D () C:\Users\Heiko\Documents\Outlook Files
2015-03-24 09:21 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 09:18 - 2009-12-31 04:56 - 00000000 ____D () C:\Program Files\Zubehör
2015-03-24 09:17 - 2010-04-19 21:59 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-23 23:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Web
2015-03-23 20:53 - 2014-08-18 10:22 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Adobe
2015-03-23 20:27 - 2009-12-30 01:45 - 00001429 _____ () C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 20:07 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 20:06 - 2012-05-09 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 22:25 - 2009-12-30 06:37 - 00002358 ____H () C:\Users\Heiko\Documents\Default.rdp
2015-03-22 20:18 - 2014-02-01 18:03 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-22 07:24 - 2013-10-07 10:39 - 00000000 ____D () C:\Users\Gast
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-21 10:43 - 2014-04-27 16:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 10:43 - 2013-12-29 21:47 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 10:43 - 2012-02-25 21:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 10:42 - 2011-03-14 07:00 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-21 10:40 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-21 10:33 - 2014-11-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 18:55 - 2014-04-24 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Troubleshooters Calling Card
2015-03-17 12:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 10:54 - 2009-07-14 17:45 - 00450496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-17 10:45 - 2009-10-29 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 10:28 - 2014-04-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 10:28 - 2009-07-14 15:34 - 00000510 _____ () C:\Windows\win.ini
2015-03-17 10:26 - 2013-07-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-17 10:11 - 2009-12-30 01:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-17 09:48 - 2015-02-12 18:24 - 00001751 _____ () C:\Users\Public\Desktop\Astroplus.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00001741 _____ () C:\Users\Public\Desktop\Astroplus (classic Design).lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000872 _____ () C:\Users\Public\Desktop\Planetary Hours.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus
2015-03-17 06:15 - 2014-06-07 10:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-07 10:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-01-24 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-13 11:37 - 2014-11-05 20:06 - 00000000 ____D () C:\Users\Heiko\.gimp-2.8
2015-03-13 09:54 - 2014-11-05 20:21 - 00000000 ____D () C:\Users\Heiko\AppData\Local\gtk-2.0
2015-03-08 20:52 - 2010-09-23 09:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-06 21:40 - 2010-01-04 19:57 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Skype
2015-03-06 08:17 - 2014-03-01 21:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 12:53 - 2009-07-14 18:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 02:17 - 2009-12-30 01:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 16:20 - 2014-06-26 19:33 - 00000000 ____D () C:\Program Files (x86)\Filecloud

==================== Files in the root of some directories =======

2010-01-27 08:43 - 2010-01-27 08:43 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2010-01-27 08:42 - 2010-01-27 08:42 - 0082816 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2010-01-17 01:40 - 2010-01-17 01:40 - 0003584 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 03:38 - 2013-10-27 03:38 - 0004096 ____H () C:\Users\Heiko\AppData\Local\keyfile3.drm
2015-03-24 09:18 - 2015-03-24 09:20 - 0014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-13 09:54 - 2015-03-13 09:54 - 0010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2010-06-11 23:01 - 2013-12-30 08:25 - 0017408 _____ () C:\Users\Heiko\AppData\Local\WebpageIcons.db
2014-01-08 21:39 - 2014-01-08 21:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-14 21:25 - 2009-11-14 21:28 - 0008308 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-04 19:59 - 2010-01-04 19:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 18:58 - 2009-07-18 14:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Heiko\AppData\Local\Temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:14

==================== End Of Log ============================
         
--- --- ---


Best regards

Kermit

Alt 29.03.2015, 09:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 30.03.2015, 04:39   #11
Kermit1973
 



Hello Schrauber,

the ESET online scanner had a few detections (which have not been fixed so far). And the "Acer" warning message (see the attachment in the first post) still pops up every few hours.

Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8031cfc97fb8074ba752a7924163dc83
# engine=23142
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-30 02:25:07
# local_time=2015-03-30 03:25:07 (+1200, Neuseeland Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3994105 49874301 0 0
# scanned=347621
# found=5
# cleaned=0
# scan_time=14381
sh=485AFD64F09BFCEDD16BEFFE2B3130C493793446 ft=1 fh=4d4bd8b8b7188621 vn="Win32/Verti.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80IOPKV4\StormWatchSetup[1].exe"
sh=5CED10009F50C650B85D1899677D5D6CADE1FAD0 ft=1 fh=c240816dcf7e5bc8 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMP93XLB\AirGlobeSetup[1].exe"
sh=4EB73C0D59F388086502C5ED862B47291512C2BA ft=1 fh=74559f4ab8dbc80b vn="Variante von MSIL/Rebrand.LittleRegClean.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMP93XLB\ProPCCleaner_1712[1].exe"
sh=C3FAC857E49860697E728266C75F6B0B06FDABEA ft=1 fh=8bc7a344f769545b vn="Variante von Win32/ELEX.CE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0BM4D31\obw_omniboxes[1].exe"
sh=320F08D77850B765EF27CD217381C03EB0EFB190 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\569b79.msi"
         
Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 7 Update 51  
 Java 8 Update 25  
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (36.0.4) 
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heiko (administrator) on HEIKO-NOTEBOOK on 30-03-2015 16:14:03
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available profiles: Heiko & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_gui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-14] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-02] (Microsoft Corporation)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-06] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-28] (Elaborate Bytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-10] (Elgato Systems)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Filecloud.lnk
ShortcutTarget: Filecloud.lnk -> C:\Program Files (x86)\Filecloud\bin\agent_gui.exe (eFolder)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AnchorOverlayAttention] -> {40D1DAA7-9CB5-4DB7-8610-A814EDB003A5} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSynced] -> {5B05543A-73D8-4D80-97F9-13F471224DD8} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSyncing] -> {1C514AC9-A6B4-4692-A18E-9A2EE0B4E277} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySynced] -> {56E89524-684C-4352-B350-F97A7377DD64} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySyncing] -> {C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-25] (TerraTec Electronic GmbH)
DPF: HKLM-x32 {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-14]

Chrome: 
=======
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-15] (The OpenVPN Project)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SyncedTool; C:\Program Files (x86)\Filecloud\bin\agent_service.exe [8190648 2015-02-27] (eFolder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HsspConfig; C:\Windows\system32\CfgSrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-12-30] ()
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-30] (Elaborate Bytes AG) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-30] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-12-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-17] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-28] (Elaborate Bytes) [File not signed]
S3 StarOpen; No ImagePath
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 16:13 - 2015-03-30 16:13 - 00001172 _____ () C:\Users\Heiko\Desktop\checkup.txt
2015-03-30 16:09 - 2015-03-30 16:09 - 00852604 _____ () C:\Users\Heiko\Desktop\SecurityCheck.exe
2015-03-30 16:08 - 2015-03-30 15:25 - 00001914 _____ () C:\Users\Heiko\Desktop\eset.txt
2015-03-30 11:21 - 2015-03-30 11:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-30 11:20 - 2015-03-30 11:20 - 02347384 _____ (ESET) C:\Users\Heiko\Desktop\esetsmartinstaller_deu.exe
2015-03-28 14:05 - 2015-03-28 14:05 - 00000814 _____ () C:\Users\Heiko\Desktop\JRT.txt
2015-03-28 13:56 - 2015-03-28 13:57 - 01388782 _____ (Thisisu) C:\Users\Heiko\Desktop\JRT.exe
2015-03-28 13:54 - 2015-03-28 13:54 - 00001192 _____ () C:\Users\Heiko\Desktop\AdwCleaner[S2].txt
2015-03-28 11:49 - 2015-03-28 11:49 - 00001207 _____ () C:\Users\Heiko\Desktop\mbam.txt
2015-03-28 11:07 - 2015-03-28 11:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Heiko\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 12:39 - 2015-03-27 12:39 - 00028301 _____ () C:\Users\Heiko\Desktop\combofix.txt
2015-03-27 12:28 - 2015-03-27 12:28 - 00028301 _____ () C:\ComboFix.txt
2015-03-27 12:06 - 2015-03-27 12:28 - 00000000 ____D () C:\Qoobox
2015-03-27 12:06 - 2011-06-26 19:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-27 12:06 - 2010-11-08 06:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-27 12:06 - 2009-04-20 17:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-27 11:58 - 2015-03-27 11:58 - 00276216 _____ () C:\Windows\Minidump\032715-36629-01.dmp
2015-03-27 11:55 - 2015-03-27 11:56 - 05615749 ____R (Swearware) C:\Users\Heiko\Desktop\ComboFix.exe
2015-03-26 14:05 - 2015-03-26 14:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Heiko\Desktop\tdsskiller.exe
2015-03-26 12:46 - 2015-03-26 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 12:43 - 2015-03-26 14:03 - 00000000 ____D () C:\Users\Heiko\Desktop\mbar
2015-03-26 12:40 - 2015-03-26 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heiko\Desktop\mbar-1.09.1.1004.exe
2015-03-24 21:59 - 2015-03-24 22:01 - 00003356 _____ () C:\Users\Heiko\Desktop\Anti malwarebyte1.txt
2015-03-24 21:58 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Desktop\gmer.txt
2015-03-24 21:57 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Documents\gmer.txt
2015-03-24 21:42 - 2015-03-24 21:43 - 00044339 _____ () C:\Users\Heiko\Desktop\Addition.txt
2015-03-24 21:41 - 2015-03-30 16:14 - 00027495 _____ () C:\Users\Heiko\Desktop\FRST.txt
2015-03-24 21:41 - 2015-03-30 16:14 - 00000000 ____D () C:\FRST
2015-03-24 21:40 - 2015-03-24 21:40 - 00000472 _____ () C:\Users\Heiko\Desktop\defogger_disable.log
2015-03-24 21:40 - 2015-03-24 21:40 - 00000000 _____ () C:\Users\Heiko\defogger_reenable
2015-03-24 21:38 - 2015-03-24 21:39 - 00380416 _____ () C:\Users\Heiko\Desktop\Gmer-19357.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 02095616 _____ (Farbar) C:\Users\Heiko\Desktop\FRST64.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 01135104 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2015-03-24 21:37 - 2015-03-24 21:37 - 00050477 _____ () C:\Users\Heiko\Desktop\Defogger.exe
2015-03-24 09:18 - 2015-03-24 09:20 - 00014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-24 00:02 - 2015-03-24 00:02 - 00276016 _____ () C:\Windows\Minidump\032415-22682-01.dmp
2015-03-23 20:56 - 2015-03-28 11:49 - 02168320 _____ () C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Opera Software
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Opera Software
2015-03-23 20:23 - 2015-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 10:43 - 2015-03-21 10:43 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-21 10:33 - 2015-03-21 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-17 15:46 - 2015-03-28 13:47 - 00000000 ____D () C:\AdwCleaner
2015-03-17 09:48 - 2004-03-09 00:00 - 00440352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFLXGD.OCX
2015-03-17 09:35 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-17 09:35 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-17 09:34 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-17 09:34 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-17 09:34 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-17 09:34 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-17 09:34 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-17 09:34 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-17 09:34 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-17 09:34 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-17 09:34 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-17 09:34 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-17 09:34 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-17 09:34 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-17 09:34 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-17 09:34 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-17 09:34 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-17 09:34 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-17 09:34 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-17 09:34 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-17 09:34 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-17 09:34 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-17 09:34 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-17 09:34 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-17 09:34 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-17 09:34 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-17 09:34 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-17 09:34 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-17 09:33 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-17 09:33 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-17 09:33 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-17 09:33 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-17 09:33 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-17 09:32 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-17 09:32 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-17 09:32 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-17 09:32 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-17 09:32 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-17 09:31 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-17 09:31 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-17 09:31 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-17 09:30 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-17 09:30 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-17 09:22 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-17 09:22 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-17 09:22 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-17 09:22 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-17 09:22 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-17 09:21 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-17 09:21 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-17 09:17 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-17 09:17 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-17 09:17 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-17 09:16 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-17 09:16 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-17 09:16 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-17 09:16 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-17 09:13 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-17 09:13 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-17 09:13 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-17 09:12 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-17 08:52 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-17 08:52 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 09:54 - 2015-03-13 09:54 - 00010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2015-03-08 20:53 - 2015-03-08 20:53 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-08 20:53 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\Program Files\iTunes
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files\iPod
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-06 08:17 - 2015-03-06 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 16:07 - 2014-01-08 10:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 15:07 - 2014-01-08 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 11:22 - 2009-11-14 21:24 - 01555101 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 11:15 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 11:15 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 11:12 - 2009-11-15 06:13 - 00703476 _____ () C:\Windows\system32\perfh007.dat
2015-03-30 11:12 - 2009-11-15 06:13 - 00151084 _____ () C:\Windows\system32\perfc007.dat
2015-03-30 11:12 - 2009-07-14 18:13 - 01630508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 11:06 - 2011-02-25 21:54 - 00126399 _____ () C:\Windows\setupact.log
2015-03-30 11:06 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 11:11 - 2014-06-07 10:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 11:10 - 2014-11-08 09:15 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-28 11:06 - 2015-02-12 18:24 - 00000050 _____ () C:\Windows\astplus.ini
2015-03-27 13:04 - 2014-02-06 09:40 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-27 12:40 - 2011-02-25 21:54 - 00258046 _____ () C:\Windows\PFRO.log
2015-03-27 12:23 - 2009-07-14 15:34 - 00000292 _____ () C:\Windows\system.ini
2015-03-27 11:58 - 2015-01-29 18:08 - 645570586 _____ () C:\Windows\MEMORY.DMP
2015-03-27 11:58 - 2011-11-29 23:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 11:57 - 2014-02-03 23:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 12:32 - 2009-10-29 06:36 - 00000000 ____D () C:\Windows\oem
2015-03-24 21:40 - 2009-12-30 01:44 - 00000000 ____D () C:\Users\Heiko
2015-03-24 21:29 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\BitTorrent
2015-03-24 09:21 - 2014-11-19 15:35 - 00000000 ____D () C:\Users\Heiko\Documents\Outlook Files
2015-03-24 09:21 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 09:18 - 2009-12-31 04:56 - 00000000 ____D () C:\Program Files\Zubehör
2015-03-24 09:17 - 2010-04-19 21:59 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-23 23:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Web
2015-03-23 20:53 - 2014-08-18 10:22 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Adobe
2015-03-23 20:27 - 2009-12-30 01:45 - 00001429 _____ () C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 20:07 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 20:06 - 2012-05-09 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 22:25 - 2009-12-30 06:37 - 00002358 ____H () C:\Users\Heiko\Documents\Default.rdp
2015-03-22 20:18 - 2014-02-01 18:03 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-22 07:24 - 2013-10-07 10:39 - 00000000 ____D () C:\Users\Gast
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-21 10:43 - 2014-04-27 16:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 10:43 - 2013-12-29 21:47 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 10:43 - 2012-02-25 21:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 10:42 - 2011-03-14 07:00 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-21 10:40 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-21 10:33 - 2014-11-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 18:55 - 2014-04-24 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Troubleshooters Calling Card
2015-03-17 12:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 10:54 - 2009-07-14 17:45 - 00450496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-17 10:45 - 2009-10-29 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 10:28 - 2014-04-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 10:28 - 2009-07-14 15:34 - 00000510 _____ () C:\Windows\win.ini
2015-03-17 10:26 - 2013-07-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-17 10:11 - 2009-12-30 01:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-17 09:48 - 2015-02-12 18:24 - 00001751 _____ () C:\Users\Public\Desktop\Astroplus.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00001741 _____ () C:\Users\Public\Desktop\Astroplus (classic Design).lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000872 _____ () C:\Users\Public\Desktop\Planetary Hours.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus
2015-03-17 06:15 - 2014-06-07 10:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-07 10:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-01-24 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-13 11:37 - 2014-11-05 20:06 - 00000000 ____D () C:\Users\Heiko\.gimp-2.8
2015-03-13 09:54 - 2014-11-05 20:21 - 00000000 ____D () C:\Users\Heiko\AppData\Local\gtk-2.0
2015-03-08 20:52 - 2010-09-23 09:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-06 21:40 - 2010-01-04 19:57 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Skype
2015-03-06 08:17 - 2014-03-01 21:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 12:53 - 2009-07-14 18:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 02:17 - 2009-12-30 01:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 16:20 - 2014-06-26 19:33 - 00000000 ____D () C:\Program Files (x86)\Filecloud

==================== Files in the root of some directories =======

2010-01-27 08:43 - 2010-01-27 08:43 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2010-01-27 08:42 - 2010-01-27 08:42 - 0082816 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2010-01-17 01:40 - 2010-01-17 01:40 - 0003584 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 03:38 - 2013-10-27 03:38 - 0004096 ____H () C:\Users\Heiko\AppData\Local\keyfile3.drm
2015-03-24 09:18 - 2015-03-24 09:20 - 0014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-13 09:54 - 2015-03-13 09:54 - 0010484 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2010-06-11 23:01 - 2013-12-30 08:25 - 0017408 _____ () C:\Users\Heiko\AppData\Local\WebpageIcons.db
2014-01-08 21:39 - 2014-01-08 21:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-14 21:25 - 2009-11-14 21:28 - 0008308 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-04 19:59 - 2010-01-04 19:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 18:58 - 2009-07-18 14:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Heiko\AppData\Local\Temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:14

==================== End Of Log ============================
         


Best regards,

Kermit

30.03.2015, 17:14   #12
schrauber
/// the machine
/// TB instructor
 



Uninstall all old Java versions and install the current one.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Windows\Installer\569b79.msi
AlternateShell: cmd.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Please create a FRST log while the message is displayed, and do not dismiss it.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.03.2015, 11:29   #13
Kermit1973
 


Hello Schrauber,

first, here is the FRST log I created when the message appeared (although the window closes automatically as soon as I click anything):


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heiko (administrator) on HEIKO-NOTEBOOK on 31-03-2015 22:45:41
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available profiles: Heiko & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_gui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-14] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-02] (Microsoft Corporation)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-06] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-28] (Elaborate Bytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-10] (Elgato Systems)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Filecloud.lnk
ShortcutTarget: Filecloud.lnk -> C:\Program Files (x86)\Filecloud\bin\agent_gui.exe (eFolder)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AnchorOverlayAttention] -> {40D1DAA7-9CB5-4DB7-8610-A814EDB003A5} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSynced] -> {5B05543A-73D8-4D80-97F9-13F471224DD8} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSyncing] -> {1C514AC9-A6B4-4692-A18E-9A2EE0B4E277} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySynced] -> {56E89524-684C-4352-B350-F97A7377DD64} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySyncing] -> {C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-25] (TerraTec Electronic GmbH)
DPF: HKLM-x32 {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-14]

Chrome: 
=======
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-15] (The OpenVPN Project)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SyncedTool; C:\Program Files (x86)\Filecloud\bin\agent_service.exe [8190648 2015-02-27] (eFolder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HsspConfig; C:\Windows\system32\CfgSrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-12-30] ()
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-30] (Elaborate Bytes AG) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-30] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-12-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-17] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-28] (Elaborate Bytes) [File not signed]
S3 StarOpen; No ImagePath
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 15:00 - 2015-03-31 15:00 - 00007890 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2015-03-30 16:13 - 2015-03-30 16:13 - 00001172 _____ () C:\Users\Heiko\Desktop\checkup.txt
2015-03-30 16:09 - 2015-03-30 16:09 - 00852604 _____ () C:\Users\Heiko\Desktop\SecurityCheck.exe
2015-03-30 16:08 - 2015-03-30 15:25 - 00001914 _____ () C:\Users\Heiko\Desktop\eset.txt
2015-03-30 11:20 - 2015-03-30 11:20 - 02347384 _____ (ESET) C:\Users\Heiko\Desktop\esetsmartinstaller_deu.exe
2015-03-28 14:05 - 2015-03-28 14:05 - 00000814 _____ () C:\Users\Heiko\Desktop\JRT.txt
2015-03-28 13:56 - 2015-03-28 13:57 - 01388782 _____ (Thisisu) C:\Users\Heiko\Desktop\JRT.exe
2015-03-28 13:54 - 2015-03-28 13:54 - 00001192 _____ () C:\Users\Heiko\Desktop\AdwCleaner[S2].txt
2015-03-28 11:49 - 2015-03-28 11:49 - 00001207 _____ () C:\Users\Heiko\Desktop\mbam.txt
2015-03-28 11:07 - 2015-03-28 11:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Heiko\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 12:39 - 2015-03-27 12:39 - 00028301 _____ () C:\Users\Heiko\Desktop\combofix.txt
2015-03-27 12:28 - 2015-03-27 12:28 - 00028301 _____ () C:\ComboFix.txt
2015-03-27 12:06 - 2015-03-27 12:28 - 00000000 ____D () C:\Qoobox
2015-03-27 12:06 - 2011-06-26 19:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-27 12:06 - 2010-11-08 06:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-27 12:06 - 2009-04-20 17:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-27 11:58 - 2015-03-27 11:58 - 00276216 _____ () C:\Windows\Minidump\032715-36629-01.dmp
2015-03-27 11:55 - 2015-03-27 11:56 - 05615749 ____R (Swearware) C:\Users\Heiko\Desktop\ComboFix.exe
2015-03-26 14:05 - 2015-03-26 14:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Heiko\Desktop\tdsskiller.exe
2015-03-26 12:46 - 2015-03-26 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 12:43 - 2015-03-26 14:03 - 00000000 ____D () C:\Users\Heiko\Desktop\mbar
2015-03-26 12:40 - 2015-03-26 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heiko\Desktop\mbar-1.09.1.1004.exe
2015-03-24 21:59 - 2015-03-24 22:01 - 00003356 _____ () C:\Users\Heiko\Desktop\Anti malwarebyte1.txt
2015-03-24 21:58 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Desktop\gmer.txt
2015-03-24 21:57 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Documents\gmer.txt
2015-03-24 21:42 - 2015-03-24 21:43 - 00044339 _____ () C:\Users\Heiko\Desktop\Addition.txt
2015-03-24 21:41 - 2015-03-31 22:45 - 00027574 _____ () C:\Users\Heiko\Desktop\FRST.txt
2015-03-24 21:41 - 2015-03-31 22:45 - 00000000 ____D () C:\FRST
2015-03-24 21:40 - 2015-03-24 21:40 - 00000472 _____ () C:\Users\Heiko\Desktop\defogger_disable.log
2015-03-24 21:40 - 2015-03-24 21:40 - 00000000 _____ () C:\Users\Heiko\defogger_reenable
2015-03-24 21:38 - 2015-03-24 21:39 - 00380416 _____ () C:\Users\Heiko\Desktop\Gmer-19357.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 02095616 _____ (Farbar) C:\Users\Heiko\Desktop\FRST64.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 01135104 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2015-03-24 21:37 - 2015-03-24 21:37 - 00050477 _____ () C:\Users\Heiko\Desktop\Defogger.exe
2015-03-24 09:18 - 2015-03-24 09:20 - 00014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-24 00:02 - 2015-03-24 00:02 - 00276016 _____ () C:\Windows\Minidump\032415-22682-01.dmp
2015-03-23 20:56 - 2015-03-28 11:49 - 02168320 _____ () C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Opera Software
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Opera Software
2015-03-23 20:23 - 2015-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 10:43 - 2015-03-21 10:43 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-21 10:33 - 2015-03-21 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-17 15:46 - 2015-03-28 13:47 - 00000000 ____D () C:\AdwCleaner
2015-03-17 09:48 - 2004-03-09 00:00 - 00440352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFLXGD.OCX
2015-03-17 09:35 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-17 09:35 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-17 09:34 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-17 09:34 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-17 09:34 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-17 09:34 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-17 09:34 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-17 09:34 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-17 09:34 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-17 09:34 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-17 09:34 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-17 09:34 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-17 09:34 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-17 09:34 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-17 09:34 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-17 09:34 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-17 09:34 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-17 09:34 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-17 09:34 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-17 09:34 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-17 09:34 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-17 09:34 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-17 09:34 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-17 09:34 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-17 09:34 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-17 09:34 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-17 09:34 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-17 09:34 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-17 09:33 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-17 09:33 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-17 09:33 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-17 09:33 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-17 09:33 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-17 09:32 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-17 09:32 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-17 09:32 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-17 09:32 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-17 09:32 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-17 09:31 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-17 09:31 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-17 09:31 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-17 09:30 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-17 09:30 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-17 09:22 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-17 09:22 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-17 09:22 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-17 09:22 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-17 09:22 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-17 09:21 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-17 09:21 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-17 09:17 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-17 09:17 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-17 09:17 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-17 09:16 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-17 09:16 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-17 09:16 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-17 09:16 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-17 09:13 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-17 09:13 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-17 09:13 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-17 09:12 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-17 08:52 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-17 08:52 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-08 20:53 - 2015-03-08 20:53 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-08 20:53 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\Program Files\iTunes
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files\iPod
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-06 08:17 - 2015-03-06 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 22:07 - 2014-01-08 10:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 22:03 - 2014-01-08 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 20:13 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:13 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:10 - 2009-11-15 06:13 - 00703476 _____ () C:\Windows\system32\perfh007.dat
2015-03-31 20:10 - 2009-11-15 06:13 - 00151084 _____ () C:\Windows\system32\perfc007.dat
2015-03-31 20:10 - 2009-11-14 21:24 - 01614507 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 20:10 - 2009-07-14 18:13 - 01630508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 20:05 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 20:04 - 2011-02-25 21:54 - 00126567 _____ () C:\Windows\setupact.log
2015-03-31 18:42 - 2015-02-12 18:24 - 00000050 _____ () C:\Windows\astplus.ini
2015-03-31 15:33 - 2014-11-05 20:06 - 00000000 ____D () C:\Users\Heiko\.gimp-2.8
2015-03-31 15:00 - 2014-11-05 20:21 - 00000000 ____D () C:\Users\Heiko\AppData\Local\gtk-2.0
2015-03-31 14:05 - 2014-02-06 09:40 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-28 11:11 - 2014-06-07 10:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 11:10 - 2014-11-08 09:15 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-27 12:40 - 2011-02-25 21:54 - 00258046 _____ () C:\Windows\PFRO.log
2015-03-27 12:23 - 2009-07-14 15:34 - 00000292 _____ () C:\Windows\system.ini
2015-03-27 11:58 - 2015-01-29 18:08 - 645570586 _____ () C:\Windows\MEMORY.DMP
2015-03-27 11:58 - 2011-11-29 23:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 11:57 - 2014-02-03 23:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 12:32 - 2009-10-29 06:36 - 00000000 ____D () C:\Windows\oem
2015-03-24 21:40 - 2009-12-30 01:44 - 00000000 ____D () C:\Users\Heiko
2015-03-24 21:29 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\BitTorrent
2015-03-24 09:21 - 2014-11-19 15:35 - 00000000 ____D () C:\Users\Heiko\Documents\Outlook Files
2015-03-24 09:21 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 09:18 - 2009-12-31 04:56 - 00000000 ____D () C:\Program Files\Zubehör
2015-03-24 09:17 - 2010-04-19 21:59 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-23 23:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Web
2015-03-23 20:53 - 2014-08-18 10:22 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Adobe
2015-03-23 20:27 - 2009-12-30 01:45 - 00001429 _____ () C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 20:07 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 20:06 - 2012-05-09 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 22:25 - 2009-12-30 06:37 - 00002358 ____H () C:\Users\Heiko\Documents\Default.rdp
2015-03-22 20:18 - 2014-02-01 18:03 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-22 07:24 - 2013-10-07 10:39 - 00000000 ____D () C:\Users\Gast
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-21 10:43 - 2014-04-27 16:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 10:43 - 2013-12-29 21:47 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 10:43 - 2012-02-25 21:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 10:42 - 2011-03-14 07:00 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-21 10:40 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-21 10:33 - 2014-11-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 18:55 - 2014-04-24 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Troubleshooters Calling Card
2015-03-17 12:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 10:54 - 2009-07-14 17:45 - 00450496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-17 10:45 - 2009-10-29 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 10:28 - 2014-04-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 10:28 - 2009-07-14 15:34 - 00000510 _____ () C:\Windows\win.ini
2015-03-17 10:26 - 2013-07-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-17 10:11 - 2009-12-30 01:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-17 09:48 - 2015-02-12 18:24 - 00001751 _____ () C:\Users\Public\Desktop\Astroplus.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00001741 _____ () C:\Users\Public\Desktop\Astroplus (classic Design).lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000872 _____ () C:\Users\Public\Desktop\Planetary Hours.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus
2015-03-17 06:15 - 2014-06-07 10:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-07 10:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-01-24 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 20:52 - 2010-09-23 09:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-06 21:40 - 2010-01-04 19:57 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Skype
2015-03-06 08:17 - 2014-03-01 21:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 12:53 - 2009-07-14 18:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 02:17 - 2009-12-30 01:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-01-27 08:43 - 2010-01-27 08:43 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2010-01-27 08:42 - 2010-01-27 08:42 - 0082816 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2010-01-17 01:40 - 2010-01-17 01:40 - 0003584 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 03:38 - 2013-10-27 03:38 - 0004096 ____H () C:\Users\Heiko\AppData\Local\keyfile3.drm
2015-03-24 09:18 - 2015-03-24 09:20 - 0014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-31 15:00 - 2015-03-31 15:00 - 0007890 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2010-06-11 23:01 - 2013-12-30 08:25 - 0017408 _____ () C:\Users\Heiko\AppData\Local\WebpageIcons.db
2014-01-08 21:39 - 2014-01-08 21:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-14 21:25 - 2009-11-14 21:28 - 0008308 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-04 19:59 - 2010-01-04 19:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 18:58 - 2009-07-18 14:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Heiko\AppData\Local\Temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:14

==================== End Of Log ============================
         
31.03.2015, 11:30   #14
Kermit1973

Caught a virus while installing Adobe Flash Player...

and the second part, since it was too long...

And once more the FRST log, after I deleted and reinstalled Java and applied the fixlist file:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Heiko (administrator) on HEIKO-NOTEBOOK on 31-03-2015 22:45:41
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available profiles: Heiko & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(eFolder) C:\Program Files (x86)\Filecloud\bin\agent_gui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-14] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-02] (Microsoft Corporation)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-06] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-28] (Elaborate Bytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-10] (Elgato Systems)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Filecloud.lnk
ShortcutTarget: Filecloud.lnk -> C:\Program Files (x86)\Filecloud\bin\agent_gui.exe (eFolder)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AnchorOverlayAttention] -> {40D1DAA7-9CB5-4DB7-8610-A814EDB003A5} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSynced] -> {5B05543A-73D8-4D80-97F9-13F471224DD8} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlayLockedSyncing] -> {1C514AC9-A6B4-4692-A18E-9A2EE0B4E277} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySynced] -> {56E89524-684C-4352-B350-F97A7377DD64} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [AnchorOverlaySyncing] -> {C6B3FD8D-C629-4A7F-AF73-9ABB59AF029D} => C:\Program Files (x86)\Filecloud\bin\x64\anchoroverlay.dll (eFolder)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3175191187-1249783048-3626377888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175191187-1249783048-3626377888-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-25] (TerraTec Electronic GmbH)
DPF: HKLM-x32 {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\532md588.default-1422251137045
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-14]

Chrome: 
=======
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google Drive) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (Motive Extension) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-15] (The OpenVPN Project)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SyncedTool; C:\Program Files (x86)\Filecloud\bin\agent_service.exe [8190648 2015-02-27] (eFolder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HsspConfig; C:\Windows\system32\CfgSrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-12-30] ()
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-30] (Elaborate Bytes AG) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-30] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-12-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-17] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-28] (Elaborate Bytes) [File not signed]
S3 StarOpen; No ImagePath
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 15:00 - 2015-03-31 15:00 - 00007890 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2015-03-30 16:13 - 2015-03-30 16:13 - 00001172 _____ () C:\Users\Heiko\Desktop\checkup.txt
2015-03-30 16:09 - 2015-03-30 16:09 - 00852604 _____ () C:\Users\Heiko\Desktop\SecurityCheck.exe
2015-03-30 16:08 - 2015-03-30 15:25 - 00001914 _____ () C:\Users\Heiko\Desktop\eset.txt
2015-03-30 11:20 - 2015-03-30 11:20 - 02347384 _____ (ESET) C:\Users\Heiko\Desktop\esetsmartinstaller_deu.exe
2015-03-28 14:05 - 2015-03-28 14:05 - 00000814 _____ () C:\Users\Heiko\Desktop\JRT.txt
2015-03-28 13:56 - 2015-03-28 13:57 - 01388782 _____ (Thisisu) C:\Users\Heiko\Desktop\JRT.exe
2015-03-28 13:54 - 2015-03-28 13:54 - 00001192 _____ () C:\Users\Heiko\Desktop\AdwCleaner[S2].txt
2015-03-28 11:49 - 2015-03-28 11:49 - 00001207 _____ () C:\Users\Heiko\Desktop\mbam.txt
2015-03-28 11:07 - 2015-03-28 11:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Heiko\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 12:39 - 2015-03-27 12:39 - 00028301 _____ () C:\Users\Heiko\Desktop\combofix.txt
2015-03-27 12:28 - 2015-03-27 12:28 - 00028301 _____ () C:\ComboFix.txt
2015-03-27 12:06 - 2015-03-27 12:28 - 00000000 ____D () C:\Qoobox
2015-03-27 12:06 - 2011-06-26 19:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-27 12:06 - 2010-11-08 06:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-27 12:06 - 2009-04-20 17:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-27 12:06 - 2000-08-31 13:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-27 11:58 - 2015-03-27 11:58 - 00276216 _____ () C:\Windows\Minidump\032715-36629-01.dmp
2015-03-27 11:55 - 2015-03-27 11:56 - 05615749 ____R (Swearware) C:\Users\Heiko\Desktop\ComboFix.exe
2015-03-26 14:05 - 2015-03-26 14:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Heiko\Desktop\tdsskiller.exe
2015-03-26 12:46 - 2015-03-26 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 12:43 - 2015-03-26 14:03 - 00000000 ____D () C:\Users\Heiko\Desktop\mbar
2015-03-26 12:40 - 2015-03-26 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Heiko\Desktop\mbar-1.09.1.1004.exe
2015-03-24 21:59 - 2015-03-24 22:01 - 00003356 _____ () C:\Users\Heiko\Desktop\Anti malwarebyte1.txt
2015-03-24 21:58 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Desktop\gmer.txt
2015-03-24 21:57 - 2015-03-24 21:57 - 00194854 _____ () C:\Users\Heiko\Documents\gmer.txt
2015-03-24 21:42 - 2015-03-24 21:43 - 00044339 _____ () C:\Users\Heiko\Desktop\Addition.txt
2015-03-24 21:41 - 2015-03-31 22:45 - 00027574 _____ () C:\Users\Heiko\Desktop\FRST.txt
2015-03-24 21:41 - 2015-03-31 22:45 - 00000000 ____D () C:\FRST
2015-03-24 21:40 - 2015-03-24 21:40 - 00000472 _____ () C:\Users\Heiko\Desktop\defogger_disable.log
2015-03-24 21:40 - 2015-03-24 21:40 - 00000000 _____ () C:\Users\Heiko\defogger_reenable
2015-03-24 21:38 - 2015-03-24 21:39 - 00380416 _____ () C:\Users\Heiko\Desktop\Gmer-19357.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 02095616 _____ (Farbar) C:\Users\Heiko\Desktop\FRST64.exe
2015-03-24 21:38 - 2015-03-24 21:38 - 01135104 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2015-03-24 21:37 - 2015-03-24 21:37 - 00050477 _____ () C:\Users\Heiko\Desktop\Defogger.exe
2015-03-24 09:18 - 2015-03-24 09:20 - 00014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-24 00:02 - 2015-03-24 00:02 - 00276016 _____ () C:\Windows\Minidump\032415-22682-01.dmp
2015-03-23 20:56 - 2015-03-28 11:49 - 02168320 _____ () C:\Users\Heiko\Desktop\adwcleaner_4.113.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 20:52 - 2015-03-23 20:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Opera Software
2015-03-23 20:26 - 2015-03-23 20:27 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Opera Software
2015-03-23 20:23 - 2015-03-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 10:43 - 2015-03-21 10:43 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 10:43 - 2015-03-21 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-21 10:33 - 2015-03-21 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-17 15:46 - 2015-03-28 13:47 - 00000000 ____D () C:\AdwCleaner
2015-03-17 09:48 - 2004-03-09 00:00 - 00440352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFLXGD.OCX
2015-03-17 09:35 - 2015-01-17 15:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-17 09:35 - 2015-01-17 15:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-17 09:34 - 2015-02-24 16:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-17 09:34 - 2015-02-24 15:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-17 09:34 - 2015-02-21 14:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-17 09:34 - 2015-02-21 13:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-17 09:34 - 2015-02-21 13:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-17 09:34 - 2015-02-21 13:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-17 09:34 - 2015-02-21 12:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-17 09:34 - 2015-02-21 12:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-17 09:34 - 2015-02-20 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-17 09:34 - 2015-02-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-17 09:34 - 2015-02-20 15:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-17 09:34 - 2015-02-20 15:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 15:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-17 09:34 - 2015-02-20 15:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 15:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-17 09:34 - 2015-02-20 15:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-17 09:34 - 2015-02-20 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-17 09:34 - 2015-02-20 15:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-17 09:34 - 2015-02-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 15:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-17 09:34 - 2015-02-20 15:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-17 09:34 - 2015-02-20 15:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-17 09:34 - 2015-02-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-17 09:34 - 2015-02-20 15:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-17 09:34 - 2015-02-20 15:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-17 09:34 - 2015-02-20 15:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-17 09:34 - 2015-02-20 14:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-17 09:34 - 2015-02-20 14:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-17 09:34 - 2015-02-20 14:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-17 09:34 - 2015-02-20 14:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-17 09:34 - 2015-02-20 14:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-17 09:34 - 2015-02-20 14:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-17 09:34 - 2015-02-20 14:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-17 09:34 - 2015-02-20 14:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-17 09:34 - 2015-02-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-17 09:34 - 2015-02-20 14:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-17 09:34 - 2015-02-20 14:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-17 09:34 - 2015-02-20 14:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-17 09:34 - 2015-02-20 14:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-17 09:34 - 2015-02-20 14:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-17 09:34 - 2015-02-20 13:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-17 09:34 - 2015-02-20 13:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-17 09:33 - 2015-02-03 16:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-17 09:33 - 2015-02-03 16:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-17 09:33 - 2015-02-03 16:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-17 09:33 - 2015-02-03 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-17 09:33 - 2015-02-03 16:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-17 09:33 - 2015-02-03 16:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-17 09:33 - 2015-02-03 16:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-17 09:33 - 2015-02-03 16:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-17 09:33 - 2015-02-03 16:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-17 09:32 - 2015-02-03 16:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-17 09:32 - 2015-02-03 16:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-17 09:32 - 2015-02-03 16:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-17 09:32 - 2015-02-03 16:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-17 09:32 - 2015-02-03 16:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-17 09:32 - 2015-02-03 16:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-17 09:32 - 2015-02-03 16:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-17 09:32 - 2014-11-01 11:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-17 09:31 - 2015-02-03 16:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-17 09:31 - 2015-02-03 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-17 09:31 - 2015-02-03 16:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-17 09:31 - 2015-02-03 16:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-17 09:31 - 2015-02-03 16:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-17 09:31 - 2015-02-03 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-17 09:31 - 2015-02-03 16:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-17 09:31 - 2015-02-03 16:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-17 09:30 - 2015-02-03 16:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-17 09:30 - 2015-02-03 16:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-17 09:30 - 2015-02-03 16:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-17 09:30 - 2015-02-03 16:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-17 09:30 - 2015-02-03 16:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-17 09:30 - 2015-02-03 16:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-17 09:30 - 2015-02-03 15:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-17 09:22 - 2015-03-06 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-17 09:22 - 2015-03-06 18:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-17 09:22 - 2015-03-06 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-17 09:22 - 2015-03-06 18:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-17 09:22 - 2015-03-06 18:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-17 09:22 - 2015-03-06 18:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-17 09:22 - 2015-03-06 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-17 09:22 - 2015-03-06 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-17 09:22 - 2015-01-31 12:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-17 09:21 - 2015-03-06 18:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-17 09:21 - 2015-03-06 18:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-17 09:21 - 2015-03-06 18:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-17 09:21 - 2015-03-06 18:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-17 09:21 - 2015-03-06 18:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-17 09:17 - 2015-02-20 16:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-17 09:17 - 2015-02-03 16:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-17 09:17 - 2015-02-03 16:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-17 09:16 - 2015-02-20 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-17 09:16 - 2015-02-20 17:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-17 09:16 - 2015-02-20 17:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-17 09:16 - 2015-02-20 16:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-17 09:16 - 2015-02-13 18:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-17 09:16 - 2015-02-13 18:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-17 09:13 - 2015-02-03 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-17 09:13 - 2015-02-03 16:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-17 09:13 - 2015-01-31 16:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-17 09:13 - 2015-01-31 12:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-17 09:12 - 2015-02-26 16:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-17 08:52 - 2015-02-04 16:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-17 08:52 - 2015-02-04 15:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-08 20:53 - 2015-03-08 20:53 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-08 20:53 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-08 20:52 - 2015-03-08 20:53 - 00000000 ____D () C:\Program Files\iTunes
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files\iPod
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-06 08:17 - 2015-03-06 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 22:07 - 2014-01-08 10:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 22:03 - 2014-01-08 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 20:13 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:13 - 2009-07-14 17:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:10 - 2009-11-15 06:13 - 00703476 _____ () C:\Windows\system32\perfh007.dat
2015-03-31 20:10 - 2009-11-15 06:13 - 00151084 _____ () C:\Windows\system32\perfc007.dat
2015-03-31 20:10 - 2009-11-14 21:24 - 01614507 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 20:10 - 2009-07-14 18:13 - 01630508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 20:05 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 20:04 - 2011-02-25 21:54 - 00126567 _____ () C:\Windows\setupact.log
2015-03-31 18:42 - 2015-02-12 18:24 - 00000050 _____ () C:\Windows\astplus.ini
2015-03-31 15:33 - 2014-11-05 20:06 - 00000000 ____D () C:\Users\Heiko\.gimp-2.8
2015-03-31 15:00 - 2014-11-05 20:21 - 00000000 ____D () C:\Users\Heiko\AppData\Local\gtk-2.0
2015-03-31 14:05 - 2014-02-06 09:40 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-28 11:11 - 2014-06-07 10:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 11:10 - 2014-11-08 09:15 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-28 11:10 - 2014-06-07 10:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-27 12:40 - 2011-02-25 21:54 - 00258046 _____ () C:\Windows\PFRO.log
2015-03-27 12:23 - 2009-07-14 15:34 - 00000292 _____ () C:\Windows\system.ini
2015-03-27 11:58 - 2015-01-29 18:08 - 645570586 _____ () C:\Windows\MEMORY.DMP
2015-03-27 11:58 - 2011-11-29 23:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 11:57 - 2014-02-03 23:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 12:32 - 2009-10-29 06:36 - 00000000 ____D () C:\Windows\oem
2015-03-24 21:40 - 2009-12-30 01:44 - 00000000 ____D () C:\Users\Heiko
2015-03-24 21:29 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\BitTorrent
2015-03-24 09:21 - 2014-11-19 15:35 - 00000000 ____D () C:\Users\Heiko\Documents\Outlook Files
2015-03-24 09:21 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 09:18 - 2009-12-31 04:56 - 00000000 ____D () C:\Program Files\Zubehör
2015-03-24 09:17 - 2010-04-19 21:59 - 00000000 ____D () C:\Program Files (x86)\Zattoo4
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-24 09:17 - 2009-10-29 06:36 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-23 23:34 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Web
2015-03-23 20:53 - 2014-08-18 10:22 - 00000000 ____D () C:\Users\Heiko\AppData\Local\Adobe
2015-03-23 20:27 - 2009-12-30 01:45 - 00001429 _____ () C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-23 20:07 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 20:06 - 2012-05-09 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 22:25 - 2009-12-30 06:37 - 00002358 ____H () C:\Users\Heiko\Documents\Default.rdp
2015-03-22 20:18 - 2014-02-01 18:03 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-22 07:24 - 2013-10-07 10:39 - 00000000 ____D () C:\Users\Gast
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 07:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-21 10:43 - 2014-04-27 16:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 10:43 - 2013-12-29 21:47 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 10:43 - 2013-03-14 11:09 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 10:43 - 2012-02-25 21:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 10:43 - 2009-12-30 09:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 10:42 - 2011-03-14 07:00 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-21 10:40 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-21 10:33 - 2014-11-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 18:55 - 2014-04-24 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Troubleshooters Calling Card
2015-03-17 12:29 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 10:54 - 2009-07-14 17:45 - 00450496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-17 10:50 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-17 10:45 - 2009-10-29 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 10:28 - 2014-04-24 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 10:28 - 2009-07-14 15:34 - 00000510 _____ () C:\Windows\win.ini
2015-03-17 10:26 - 2013-07-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-17 10:11 - 2009-12-30 01:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-17 09:48 - 2015-02-12 18:24 - 00001751 _____ () C:\Users\Public\Desktop\Astroplus.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00001741 _____ () C:\Users\Public\Desktop\Astroplus (classic Design).lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000872 _____ () C:\Users\Public\Desktop\Planetary Hours.lnk
2015-03-17 09:48 - 2015-02-12 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus
2015-03-17 06:15 - 2014-06-07 10:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-07 10:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-01-24 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 20:52 - 2010-09-23 09:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-06 21:40 - 2010-01-04 19:57 - 00000000 ____D () C:\Users\Heiko\AppData\Roaming\Skype
2015-03-06 08:17 - 2014-03-01 21:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-06 08:17 - 2010-01-04 19:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-05 12:53 - 2009-07-14 18:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 02:17 - 2009-12-30 01:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-01-27 08:43 - 2010-01-27 08:43 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2010-01-27 08:42 - 2010-01-27 08:42 - 0082816 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2010-01-17 01:40 - 2010-01-17 01:40 - 0003584 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 03:38 - 2013-10-27 03:38 - 0004096 ____H () C:\Users\Heiko\AppData\Local\keyfile3.drm
2015-03-24 09:18 - 2015-03-24 09:20 - 0014191 _____ () C:\Users\Heiko\AppData\Local\MyWinLockerInstaller.txt-20150324.log
2015-03-31 15:00 - 2015-03-31 15:00 - 0007890 _____ () C:\Users\Heiko\AppData\Local\recently-used.xbel
2010-06-11 23:01 - 2013-12-30 08:25 - 0017408 _____ () C:\Users\Heiko\AppData\Local\WebpageIcons.db
2014-01-08 21:39 - 2014-01-08 21:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-14 21:25 - 2009-11-14 21:28 - 0008308 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-04 19:59 - 2010-01-04 19:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-29 18:58 - 2009-07-18 14:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Heiko\AppData\Local\Temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:14

==================== End Of Log ============================
         

Best regards

Kermit

31.03.2015, 19:15   #15
schrauber
/// the machine
/// TB instructor
 




Crazy, I don't see anything in the log.


Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :regfind:
    UpdaterService
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
