| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.03.2015, 20:40
| #1 |
 |  Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hallo, habe eine Mail von Fiducia@fiducia.de bekommen, in der mir mitgeteilt wurde, ich hätte eine Eilüberweisung erfasst. Dummerweise klickte ich auf den Link "Ihr Zahlungsauftrag". Daraufhin öffnete sich ein Fenster mit Zahlen und Zeichen, das ich sofort schloss. Ich denke, ich habe mir einen Trojaner eingefangen. Bis jetzt keine Funktionsstörung des Computers. Nachfolgend die Logfiles: Defogger-disable.txt, FRST.txt, addition.txt, Gmer.txt, malwarebytes.txt und eset-online Scanner.txt Defogger_disable.txt: Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:28 on 25/03/2015 (Praxis)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Praxis (administrator) on HOMEOFFICE on 25-03-2015 19:30:42
Running from C:\Users\Praxis\Downloads
Loaded Profiles: Praxis (Available profiles: Praxis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Users\Praxis\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe
(Microsoft Corporation) C:\587a4841f40facc313\MPSigStub.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [171344 2013-07-28] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158416 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23248 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-10-26] (Synaptics Incorporated)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [144456 2013-03-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-09-02] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {86264c19-636c-11e4-bf2e-a0a8cdc9b43f} - E:\AutoRun.exe
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {9a2958ae-5bc4-11e4-a323-a0a8cdc9b43f} - E:\AutoRun.exe
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {d0fe6f27-5bc2-11e4-a561-a0a8cdc9b43f} - E:\AutoRun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Profi cash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fujitsu13.msn.com/?pc=FSJB
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fujitsu13.msn.com/?pc=FSJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Google Drive) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Google Search) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Gmail) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-13] (FUJITSU LIMITED)
R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-09-04] (Validity Sensors, Inc.) [File not signed]
R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-05] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [87696 2013-01-10] (O2Micro)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-07-23] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-07] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2013-06-27] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2013-07-31] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.)
R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-03-06] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Praxis\Downloads\FRST64.exe
2015-03-25 19:30 - 2015-03-25 19:30 - 00022485 _____ () C:\Users\Praxis\Downloads\FRST.txt
2015-03-25 19:30 - 2015-03-25 19:30 - 00000000 ____D () C:\FRST
2015-03-25 19:28 - 2015-03-25 19:28 - 00000474 _____ () C:\Users\Praxis\Downloads\defogger_disable.log
2015-03-25 19:28 - 2015-03-25 19:28 - 00000000 _____ () C:\Users\Praxis\defogger_reenable
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2015-03-24 00:28 - 2015-03-24 00:28 - 00380416 _____ () C:\Users\Praxis\Downloads\hsi9rdmq.exe
2015-03-24 00:27 - 2015-03-24 00:27 - 00380416 _____ () C:\Users\Praxis\Downloads\mlo9le1h.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 02347384 _____ (ESET) C:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-23 23:36 - 2015-03-23 23:36 - 00448512 _____ (OldTimer Tools) C:\Users\Praxis\Downloads\TFC.exe
2015-03-23 23:29 - 2015-03-23 23:32 - 00000000 ____D () C:\AdwCleaner
2015-03-23 23:11 - 2015-03-24 00:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:11 - 2015-03-23 23:11 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:11 - 2015-03-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 11:05 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-11 20:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 20:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 20:16 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 20:16 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 20:16 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 20:16 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 20:16 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 20:16 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 20:16 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 20:16 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 20:16 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 20:16 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 20:16 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 20:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 20:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 20:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 20:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 20:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 20:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 20:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 20:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 20:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 20:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 20:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 20:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 20:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 20:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 20:14 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:14 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-02-24 21:31 - 2015-02-24 21:31 - 00000000 __SHD () C:\Users\Praxis\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 19:30 - 2014-08-12 19:36 - 01905760 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 19:30 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:30 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:28 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Praxis
2015-03-25 19:27 - 2013-12-25 12:23 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-25 19:27 - 2013-12-25 12:23 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-25 19:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 19:23 - 2014-09-18 18:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 19:23 - 2014-08-15 13:40 - 00000000 ____D () C:\Users\Praxis\Documents\Youcam
2015-03-25 19:23 - 2014-08-15 13:36 - 00003314 _____ () C:\Windows\System32\Tasks\Intel(R) Rapid Start Technology Manager
2015-03-25 19:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 19:22 - 2009-07-14 05:51 - 00063637 _____ () C:\Windows\setupact.log
2015-03-24 00:14 - 2014-09-18 18:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 23:33 - 2010-11-21 04:47 - 00791996 _____ () C:\Windows\PFRO.log
2015-03-23 23:27 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2015-03-23 22:27 - 2014-09-18 18:52 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 21:28 - 2015-02-19 12:13 - 00000000 ____D () C:\Profi cash
2015-03-19 13:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-18 19:15 - 2014-09-18 12:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 20:44 - 2009-07-14 05:45 - 00373656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 20:19 - 2014-08-15 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 20:16 - 2014-08-15 16:06 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2013-12-26 07:44 - 2013-12-26 07:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:43
==================== End Of Log ============================
addition.txt Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Praxis at 2015-03-25 19:31:30
Running from C:\Users\Praxis\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Endpoint Protection (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Endpoint Protection (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Endpoint Protection Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Avast Anti-Virus Packages (HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\Avast Anti-Virus Packages) (Version: - ) <==== ATTENTION
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.9.0 - Brother Industries, Ltd.)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2931.0 - CyberLink Corp.)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FJ Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10220 - Realtek Semiconductor Corp.)
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Global VPN Client (HKLM\...\{88C972E7-D7FC-40F3-9FE5-180957F37B45}) (Version: 4.9.0 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1050 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.19.05.55 - Huawei Technologies Co.,Ltd)
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.3.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.3.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{3D7E0A16-5365-4DA4-B7F4-63DB89F45C3C}) (Version: 2.1.4.222GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.222GS - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 06.81.11.0000 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.0.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 7.0.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 42.0.0.0 (10.001) - FUJITSU LIMITED)
Power Saving Utility (Version: 42.0.0.0 - FUJITSU LIMITED) Hidden
Profi cash (HKLM-x32\...\Profi cash) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.1 - Synaptics Incorporated)
Validity WBF Driver (HKLM\...\{21B2930A-93E3-43C9-8E82-E4DFD4B15377}) (Version: 4.5.234.0 - Validity Sensors, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
06-02-2015 12:56:33 Windows Update
14-02-2015 16:48:22 Windows Update
15-02-2015 09:44:48 Windows Update
17-02-2015 16:20:05 Windows Update
21-02-2015 10:39:27 Windows Update
24-02-2015 21:35:15 Windows Update
04-03-2015 21:16:22 Windows Update
14-03-2015 20:13:58 Windows Update
15-03-2015 11:08:40 Windows Update
19-03-2015 08:50:09 Windows Update
25-03-2015 19:30:26 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10F8FDFC-3C8A-4D26-A8DC-D7F480ACE0B3} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-06-27] (Intel)
Task: {2B2850A8-B425-48E9-958A-A2A3A32F294B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {48AD7F3C-0D87-47C2-8AA5-D4060B8332C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {6050F247-607F-423B-9F73-90A3A8869BAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {9A38392F-1689-409F-A3B5-9AFC020A07D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: {D217B3D6-80CE-4536-A969-FC3051A796CE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-26] (Synaptics Incorporated)
Task: {DD79843F-2C5D-4683-8256-85E40039C4B7} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-09-02] (Fujitsu Technology Solutions)
Task: {E462199F-5D6F-4671-8DE3-443AC96BBE0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-27 13:25 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-15 04:42 - 2014-01-15 04:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-10-24 22:18 - 2014-04-26 07:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2014-11-17 15:33 - 2007-05-31 07:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-10-24 22:18 - 2014-02-15 08:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-10-24 22:18 - 2014-02-15 08:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2013-04-12 17:23 - 2013-04-12 17:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\WAC\SQLite3.dll
2014-11-23 15:15 - 2014-11-23 15:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00046336 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\ApiCr.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00103680 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\MiniCrypto.dll
2014-11-23 21:38 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2014-08-12 19:37 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-51947407-3838788826-2378728623-500 - Administrator - Disabled)
Gast (S-1-5-21-51947407-3838788826-2378728623-501 - Limited - Disabled)
Praxis (S-1-5-21-51947407-3838788826-2378728623-1000 - Administrator - Enabled) => C:\Users\Praxis
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: EM7305
Description: EM7305
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/25/2015 07:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:40:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (03/23/2015 11:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/21/2015 08:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 09:20:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 08:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 06:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/25/2015 07:23:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/25/2015 07:22:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/25/2015 07:22:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.
Error: (03/23/2015 11:37:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/23/2015 11:34:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/23/2015 11:33:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/23/2015 11:33:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.
Error: (03/23/2015 11:33:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 23:32:33 unerwartet heruntergefahren.
Error: (03/23/2015 11:28:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/23/2015 11:27:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (03/25/2015 07:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:40:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
Error: (03/23/2015 11:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/21/2015 08:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 09:20:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 08:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 06:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-03-25 19:23:07.392
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-24 00:35:38.105
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-24 00:28:00.916
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:34:02.658
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:28:04.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:26:45.154
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:10:29.133
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 22:52:47.931
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 21:46:23.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 21:40:33.417
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8073.91 MB
Available physical RAM: 5446.9 MB
Total Pagefile: 16146.02 MB
Available Pagefile: 12962.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:213.82 GB) (Free:164.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 573692F2)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=228.5 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
==================== End Of Log ============================
Gmer.txt Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-25 19:48:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000080 SAMSUNG_ rev.EXT0 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Praxis\AppData\Local\Temp\uwtiraow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a21401 2 bytes JMP 7682b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a21419 2 bytes JMP 7682b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a21431 2 bytes JMP 768a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a2144a 2 bytes CALL 768048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a214dd 2 bytes JMP 768a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a214f5 2 bytes JMP 768a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a2150d 2 bytes JMP 768a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a21525 2 bytes JMP 768a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a2153d 2 bytes JMP 7681fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a21555 2 bytes JMP 768268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a2156d 2 bytes JMP 768a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a21585 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a2159d 2 bytes JMP 768a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a215b5 2 bytes JMP 7681fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a215cd 2 bytes JMP 7682b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a216b2 2 bytes JMP 768a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a216bd 2 bytes JMP 768a85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a21401 2 bytes JMP 7682b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a21419 2 bytes JMP 7682b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a21431 2 bytes JMP 768a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a2144a 2 bytes CALL 768048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a214dd 2 bytes JMP 768a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a214f5 2 bytes JMP 768a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a2150d 2 bytes JMP 768a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a21525 2 bytes JMP 768a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a2153d 2 bytes JMP 7681fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a21555 2 bytes JMP 768268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a2156d 2 bytes JMP 768a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a21585 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a2159d 2 bytes JMP 768a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a215b5 2 bytes JMP 7681fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a215cd 2 bytes JMP 7682b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a216b2 2 bytes JMP 768a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a216bd 2 bytes JMP 768a85f1 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [4132:6420] 000007fef24a9688
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006ff00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 0000000065100000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006ff00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:30:28) 0000000068f00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:30:28) 000000006bdc0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a0a8cdc9b43f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a0a8cdc9b43f (not active ControlSet)
---- EOF - GMER 2.1 ----
Malwarebytes antimalware.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.03.2015 Suchlauf-Zeit: 23:12:08 Logdatei: Malwarebytes.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.23.07 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Praxis Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 341762 Verstrichene Zeit: 14 Min, 12 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 4 PUP.Optional.SmartBar, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\SmartbarBackup, In Quarantäne, [f6fd58f07713ae88284dd45efa0be21e], PUP.Optional.SmartBar, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\SmartbarLog, In Quarantäne, [678cfb4da5e5e155a9cb141e739238c8], PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [fff435139af03bfbf3a330d45fa5ef11], PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [a053ce7a2a60f1450966e634b15415eb], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, In Quarantäne, [a053ce7a2a60f1450966e634b15415eb] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 4 PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application\Resources, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], Dateien: 1 PUP.Optional.InstallCore, C:\Users\Praxis\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z\Avast Anti-Virus Packages\uninstaller.exe, In Quarantäne, [9360ef59f991d363d060e55c6999cc34], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=231408b048b4144fa9144497aa139520
# engine=23043
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:21:59
# local_time=2015-03-24 12:21:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 15777270 213352493 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 316574 178782769 0 0
# scanned=129688
# found=0
# cleaned=0
# scan_time=2218
|
|
25.03.2015, 21:08
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
25.03.2015, 21:57
| #3 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hi,
__________________danke. Hier die Logfiles: mbar: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.25.06
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Praxis :: HOMEOFFICE [administrator]
25.03.2015 21:27:50
mbar-log-2015-03-25 (21-27-50).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 345185
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
TDS-Killer: Code:
ATTFilter
21:47:36.0893 0x1878 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:47:43.0662 0x1878 ============================================================
21:47:43.0662 0x1878 Current date / time: 2015/03/25 21:47:43.0662
21:47:43.0662 0x1878 SystemInfo:
21:47:43.0662 0x1878
21:47:43.0662 0x1878 OS Version: 6.1.7601 ServicePack: 1.0
21:47:43.0662 0x1878 Product type: Workstation
21:47:43.0662 0x1878 ComputerName: HOMEOFFICE
21:47:43.0662 0x1878 UserName: Praxis
21:47:43.0662 0x1878 Windows directory: C:\Windows
21:47:43.0662 0x1878 System windows directory: C:\Windows
21:47:43.0662 0x1878 Running under WOW64
21:47:43.0662 0x1878 Processor architecture: Intel x64
21:47:43.0662 0x1878 Number of processors: 8
21:47:43.0662 0x1878 Page size: 0x1000
21:47:43.0662 0x1878 Boot type: Normal boot
21:47:43.0662 0x1878 ============================================================
21:47:43.0959 0x1878 KLMD registered as C:\Windows\system32\drivers\39089170.sys
21:47:44.0037 0x1878 System UUID: {2B9C18C4-3289-6AA4-366D-A44961205105}
21:47:44.0801 0x1878 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:47:44.0817 0x1878 ============================================================
21:47:44.0817 0x1878 \Device\Harddisk0\DR0:
21:47:44.0817 0x1878 MBR partitions:
21:47:44.0817 0x1878 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401800, BlocksNum 0x1ABA3800
21:47:44.0832 0x1878 ============================================================
21:47:44.0832 0x1878 C: <-> \Device\Harddisk0\DR0\Partition1
21:47:44.0832 0x1878 ============================================================
21:47:44.0832 0x1878 Initialize success
21:47:44.0832 0x1878 ============================================================
21:48:30.0396 0x1b70 ============================================================
21:48:30.0396 0x1b70 Scan started
21:48:30.0396 0x1b70 Mode: Manual; SigCheck; TDLFS;
21:48:30.0396 0x1b70 ============================================================
21:48:30.0396 0x1b70 KSN ping started
21:48:33.0219 0x1b70 KSN ping finished: true
21:48:33.0859 0x1b70 ================ Scan system memory ========================
21:48:33.0859 0x1b70 System memory - ok
21:48:33.0859 0x1b70 ================ Scan services =============================
21:48:33.0968 0x1b70 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:48:34.0062 0x1b70 1394ohci - ok
21:48:34.0124 0x1b70 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:48:34.0155 0x1b70 ACPI - ok
21:48:34.0171 0x1b70 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:48:34.0202 0x1b70 AcpiPmi - ok
21:48:34.0218 0x1b70 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:48:34.0249 0x1b70 AdobeARMservice - ok
21:48:34.0296 0x1b70 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:48:34.0343 0x1b70 adp94xx - ok
21:48:34.0389 0x1b70 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:48:34.0421 0x1b70 adpahci - ok
21:48:34.0436 0x1b70 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:48:34.0467 0x1b70 adpu320 - ok
21:48:34.0483 0x1b70 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:48:34.0577 0x1b70 AeLookupSvc - ok
21:48:34.0623 0x1b70 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
21:48:34.0686 0x1b70 AFD - ok
21:48:34.0701 0x1b70 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
21:48:34.0717 0x1b70 agp440 - ok
21:48:34.0733 0x1b70 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
21:48:34.0764 0x1b70 ALG - ok
21:48:34.0764 0x1b70 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
21:48:34.0795 0x1b70 aliide - ok
21:48:34.0795 0x1b70 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
21:48:34.0811 0x1b70 amdide - ok
21:48:34.0826 0x1b70 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:48:34.0857 0x1b70 AmdK8 - ok
21:48:34.0873 0x1b70 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:48:34.0889 0x1b70 AmdPPM - ok
21:48:34.0920 0x1b70 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:48:34.0935 0x1b70 amdsata - ok
21:48:34.0967 0x1b70 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:48:34.0998 0x1b70 amdsbs - ok
21:48:34.0998 0x1b70 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:48:35.0029 0x1b70 amdxata - ok
21:48:35.0029 0x1b70 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
21:48:35.0060 0x1b70 AppID - ok
21:48:35.0076 0x1b70 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:48:35.0091 0x1b70 AppIDSvc - ok
21:48:35.0107 0x1b70 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
21:48:35.0138 0x1b70 Appinfo - ok
21:48:35.0154 0x1b70 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
21:48:35.0201 0x1b70 AppMgmt - ok
21:48:35.0216 0x1b70 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
21:48:35.0232 0x1b70 arc - ok
21:48:35.0247 0x1b70 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:48:35.0279 0x1b70 arcsas - ok
21:48:35.0325 0x1b70 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:48:35.0341 0x1b70 aspnet_state - ok
21:48:35.0357 0x1b70 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:35.0435 0x1b70 AsyncMac - ok
21:48:35.0435 0x1b70 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
21:48:35.0466 0x1b70 atapi - ok
21:48:35.0497 0x1b70 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:48:35.0575 0x1b70 AudioEndpointBuilder - ok
21:48:35.0606 0x1b70 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:48:35.0669 0x1b70 AudioSrv - ok
21:48:35.0700 0x1b70 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:48:35.0747 0x1b70 AxInstSV - ok
21:48:35.0793 0x1b70 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:48:35.0840 0x1b70 b06bdrv - ok
21:48:35.0887 0x1b70 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:48:35.0934 0x1b70 b57nd60a - ok
21:48:35.0965 0x1b70 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:48:35.0996 0x1b70 BDESVC - ok
21:48:35.0996 0x1b70 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:48:36.0074 0x1b70 Beep - ok
21:48:36.0152 0x1b70 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:48:36.0215 0x1b70 BFE - ok
21:48:36.0293 0x1b70 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
21:48:36.0417 0x1b70 BITS - ok
21:48:36.0433 0x1b70 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:48:36.0464 0x1b70 blbdrive - ok
21:48:36.0573 0x1b70 [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:48:36.0651 0x1b70 Bluetooth Device Monitor - ok
21:48:36.0792 0x1b70 [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:48:36.0885 0x1b70 Bluetooth Media Service - ok
21:48:36.0995 0x1b70 [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:48:37.0073 0x1b70 Bluetooth OBEX Service - ok
21:48:37.0088 0x1b70 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:48:37.0119 0x1b70 bowser - ok
21:48:37.0135 0x1b70 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:48:37.0166 0x1b70 BrFiltLo - ok
21:48:37.0166 0x1b70 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:48:37.0197 0x1b70 BrFiltUp - ok
21:48:37.0213 0x1b70 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:48:37.0244 0x1b70 Browser - ok
21:48:37.0275 0x1b70 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:48:37.0322 0x1b70 Brserid - ok
21:48:37.0338 0x1b70 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:48:37.0369 0x1b70 BrSerWdm - ok
21:48:37.0369 0x1b70 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:48:37.0400 0x1b70 BrUsbMdm - ok
21:48:37.0416 0x1b70 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:48:37.0431 0x1b70 BrUsbSer - ok
21:48:37.0463 0x1b70 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
21:48:37.0478 0x1b70 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:48:39.0932 0x1b70 Detect skipped due to KSN trusted
21:48:39.0932 0x1b70 BrYNSvc - ok
21:48:39.0948 0x1b70 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:48:39.0976 0x1b70 BthEnum - ok
21:48:39.0988 0x1b70 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:48:40.0021 0x1b70 BTHMODEM - ok
21:48:40.0041 0x1b70 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:48:40.0076 0x1b70 BthPan - ok
21:48:40.0143 0x1b70 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:48:40.0196 0x1b70 BTHPORT - ok
21:48:40.0211 0x1b70 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:48:40.0278 0x1b70 bthserv - ok
21:48:40.0294 0x1b70 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:48:40.0325 0x1b70 BTHUSB - ok
21:48:40.0341 0x1b70 [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
21:48:40.0372 0x1b70 btmaux - ok
21:48:40.0512 0x1b70 [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
21:48:40.0606 0x1b70 btmhsf - ok
21:48:40.0621 0x1b70 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:48:40.0699 0x1b70 cdfs - ok
21:48:40.0715 0x1b70 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:48:40.0746 0x1b70 cdrom - ok
21:48:40.0746 0x1b70 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:48:40.0809 0x1b70 CertPropSvc - ok
21:48:40.0824 0x1b70 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
21:48:40.0855 0x1b70 circlass - ok
21:48:40.0965 0x1b70 [ 690E0CA76895B27276A3A1FE2ECE050E, C1814938FA813783AD4322F9B4F3AC0E74A14EE9BD256D23BC89CB49C43806A2 ] cjpcsc C:\Windows\SysWOW64\cjpcsc.exe
21:48:40.0996 0x1b70 cjpcsc - ok
21:48:41.0011 0x1b70 [ F790E369579A718C8A41F3B94A389ADC, 70FBEAF9BBE890E0BBF4871F2A6CEC374BA5124097811725F41CDD89A40C30BA ] cjusb C:\Windows\system32\DRIVERS\cjusb.sys
21:48:41.0027 0x1b70 cjusb - ok
21:48:41.0058 0x1b70 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
21:48:41.0105 0x1b70 CLFS - ok
21:48:41.0245 0x1b70 [ 880A6DAC6E03871B37A782155D189A53, 93659BB67236F5EBC317FD73879EB79EFB195728A2C0BC997881D3622C6CF981 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
21:48:41.0433 0x1b70 ClickToRunSvc - ok
21:48:41.0464 0x1b70 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:48:41.0479 0x1b70 clr_optimization_v2.0.50727_32 - ok
21:48:41.0495 0x1b70 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:48:41.0526 0x1b70 clr_optimization_v2.0.50727_64 - ok
21:48:41.0573 0x1b70 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:48:41.0589 0x1b70 clr_optimization_v4.0.30319_32 - ok
21:48:41.0635 0x1b70 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:48:41.0667 0x1b70 clr_optimization_v4.0.30319_64 - ok
21:48:41.0682 0x1b70 [ 4ACAB07CC8AE9B4BEFB4BA1A0879A584, D6F615302E9D697117B865A2EA0B4EF799751405B40736EC053E9C6FBEE8215C ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
21:48:41.0713 0x1b70 clwvd - ok
21:48:41.0729 0x1b70 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:48:41.0745 0x1b70 CmBatt - ok
21:48:41.0760 0x1b70 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:48:41.0776 0x1b70 cmdide - ok
21:48:41.0807 0x1b70 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
21:48:41.0869 0x1b70 CNG - ok
21:48:41.0885 0x1b70 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:48:41.0901 0x1b70 Compbatt - ok
21:48:41.0916 0x1b70 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:48:41.0947 0x1b70 CompositeBus - ok
21:48:41.0947 0x1b70 COMSysApp - ok
21:48:41.0979 0x1b70 [ 5A4554AC07BB83AFD9AFFB9650362236, 306863372FF5D873BFD5BAEC964AD54770EB3BF517B690044904ACD0A1C725C2 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:48:42.0010 0x1b70 cphs - ok
21:48:42.0025 0x1b70 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:48:42.0041 0x1b70 crcdisk - ok
21:48:42.0072 0x1b70 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:48:42.0103 0x1b70 CryptSvc - ok
21:48:42.0150 0x1b70 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
21:48:42.0197 0x1b70 CSC - ok
21:48:42.0275 0x1b70 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
21:48:42.0337 0x1b70 CscService - ok
21:48:42.0384 0x1b70 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:48:42.0500 0x1b70 DcomLaunch - ok
21:48:42.0543 0x1b70 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:48:42.0626 0x1b70 defragsvc - ok
21:48:42.0642 0x1b70 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:48:42.0720 0x1b70 DfsC - ok
21:48:42.0767 0x1b70 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:48:42.0801 0x1b70 Dhcp - ok
21:48:42.0816 0x1b70 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:48:42.0894 0x1b70 discache - ok
21:48:42.0910 0x1b70 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
21:48:42.0925 0x1b70 Disk - ok
21:48:42.0941 0x1b70 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:48:42.0957 0x1b70 dmvsc - ok
21:48:42.0988 0x1b70 [ 1306282CA3A15DBA9515D0ACDFCBAC9B, 2F9CD4A0127E011B88C3675D752DEA1E7C2437932DB1C4CE22F73B7F46A44BCE ] DNE C:\Windows\system32\DRIVERS\dnelwf64.sys
21:48:43.0003 0x1b70 DNE - ok
21:48:43.0035 0x1b70 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:48:43.0067 0x1b70 Dnscache - ok
21:48:43.0095 0x1b70 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:48:43.0182 0x1b70 dot3svc - ok
21:48:43.0205 0x1b70 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:48:43.0285 0x1b70 DPS - ok
21:48:43.0295 0x1b70 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:48:43.0315 0x1b70 drmkaud - ok
21:48:43.0345 0x1b70 [ EE8684BF88C1B74D47647802281ED085, 9CA7803E2544304D3EDC19D2706ED8AC066E97BBF700ACC532C787537CDA99A4 ] DTSAudioSvc C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
21:48:43.0376 0x1b70 DTSAudioSvc - ok
21:48:43.0391 0x1b70 [ 1BDD188E026BA29B39637CCA616E2445, 876D7A8EBF70ED2DBB20EA570F307026C8DEC88E25F4D03C19CAE86ED2656F24 ] dvctprov C:\Windows\system32\DRIVERS\dvctprov.sys
21:48:43.0407 0x1b70 dvctprov - ok
21:48:43.0516 0x1b70 [ F59E2FE2687A5C30598F9099F318EB73, 80A0B1CC758BD3C4AEAB8E5804120D8A145F918B527F41DEF02A0E4EBE170F37 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:48:43.0594 0x1b70 DXGKrnl - ok
21:48:43.0657 0x1b70 [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress C:\Windows\system32\DRIVERS\e1d62x64.sys
21:48:43.0703 0x1b70 e1dexpress - ok
21:48:43.0719 0x1b70 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:48:43.0813 0x1b70 EapHost - ok
21:48:44.0062 0x1b70 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:48:44.0281 0x1b70 ebdrv - ok
21:48:44.0296 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
21:48:44.0312 0x1b70 EFS - ok
21:48:44.0374 0x1b70 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:48:44.0421 0x1b70 ehRecvr - ok
21:48:44.0452 0x1b70 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:48:44.0468 0x1b70 ehSched - ok
21:48:44.0515 0x1b70 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:48:44.0561 0x1b70 elxstor - ok
21:48:44.0561 0x1b70 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:48:44.0593 0x1b70 ErrDev - ok
21:48:44.0624 0x1b70 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:48:44.0717 0x1b70 EventSystem - ok
21:48:44.0795 0x1b70 [ 50F9ACB987E517E6643E1F448BEAD8A0, C38A1271F2699B379D536A84C6097412BF1F9B3578E8C5AB0EFF77E459F283C1 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:48:44.0842 0x1b70 EvtEng - ok
21:48:44.0858 0x1b70 [ 7230F4CF9F20DCD1DBF4BB3296EEED68, 0B9EAA411271AAB9C84680AAF8910854124D8A318A7388E0E356869126BE533D ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:48:44.0889 0x1b70 ew_hwusbdev - ok
21:48:44.0905 0x1b70 [ 5222D99C7E3245882E864D2EA7011387, 184E36074C765243783F69B7073FB2FAFC53BB18209ECD5030514CC513A47C8B ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
21:48:44.0936 0x1b70 ew_usbenumfilter - ok
21:48:44.0951 0x1b70 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:48:45.0029 0x1b70 exfat - ok
21:48:45.0061 0x1b70 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:48:45.0154 0x1b70 fastfat - ok
21:48:45.0232 0x1b70 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:48:45.0295 0x1b70 Fax - ok
21:48:45.0310 0x1b70 [ 9955BF48FD2FA8D481848CD3024EDD0B, 327E290141625C3E810D741CA106651C5A8EEF5DFA6477ACC5843D9D80DFC6FA ] FBIOSDRV C:\Windows\system32\Drivers\FBIOSDRV.sys
21:48:45.0326 0x1b70 FBIOSDRV - ok
21:48:45.0326 0x1b70 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
21:48:45.0357 0x1b70 fdc - ok
21:48:45.0357 0x1b70 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:48:45.0435 0x1b70 fdPHost - ok
21:48:45.0451 0x1b70 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:48:45.0529 0x1b70 FDResPub - ok
21:48:45.0544 0x1b70 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:48:45.0560 0x1b70 FileInfo - ok
21:48:45.0575 0x1b70 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:48:45.0653 0x1b70 Filetrace - ok
21:48:45.0653 0x1b70 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:48:45.0685 0x1b70 flpydisk - ok
21:48:45.0716 0x1b70 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:48:45.0747 0x1b70 FltMgr - ok
21:48:45.0841 0x1b70 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
21:48:45.0950 0x1b70 FontCache - ok
21:48:45.0965 0x1b70 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:48:45.0981 0x1b70 FontCache3.0.0.0 - ok
21:48:45.0997 0x1b70 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:48:46.0012 0x1b70 FsDepends - ok
21:48:46.0028 0x1b70 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:48:46.0043 0x1b70 Fs_Rec - ok
21:48:46.0043 0x1b70 [ BA0C1FFDA496D8BCBCAC63F8D98D20E3, 28D37F07A58D5AFA48A18BB4A780A36A3F8D49E94DE8CA5071071CCF16C0C090 ] FUJ02B1 C:\Windows\system32\drivers\FUJ02B1.sys
21:48:46.0075 0x1b70 FUJ02B1 - ok
21:48:46.0075 0x1b70 [ 7135030CBF87D724B6037BB023923730, 1F6D9A7D7033226507DEDD53CB686C0F3CDC15FD7E77DBC5263256E8EB541E4E ] FUJ02E3 C:\Windows\system32\drivers\FUJ02E3.sys
21:48:46.0090 0x1b70 FUJ02E3 - ok
21:48:46.0121 0x1b70 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:48:46.0153 0x1b70 fvevol - ok
21:48:46.0168 0x1b70 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:48:46.0199 0x1b70 gagp30kx - ok
21:48:46.0277 0x1b70 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:48:46.0387 0x1b70 gpsvc - ok
21:48:46.0402 0x1b70 [ 6D6512575C7D4B027DD2420C84CC621A, FE8C9BAC0662C406345692F5DB35846E033AC4C3E0DF59065D7A513D9365725E ] guardian2 C:\Windows\system32\Drivers\oz776x64.sys
21:48:46.0433 0x1b70 guardian2 - ok
21:48:46.0449 0x1b70 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:48:46.0480 0x1b70 gupdate - ok
21:48:46.0496 0x1b70 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:48:46.0511 0x1b70 gupdatem - ok
21:48:46.0511 0x1b70 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:48:46.0543 0x1b70 hcw85cir - ok
21:48:46.0574 0x1b70 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:48:46.0621 0x1b70 HdAudAddService - ok
21:48:46.0652 0x1b70 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:48:46.0683 0x1b70 HDAudBus - ok
21:48:46.0699 0x1b70 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:48:46.0714 0x1b70 HidBatt - ok
21:48:46.0730 0x1b70 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:48:46.0761 0x1b70 HidBth - ok
21:48:46.0777 0x1b70 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
21:48:46.0808 0x1b70 HidIr - ok
21:48:46.0823 0x1b70 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
21:48:46.0901 0x1b70 hidserv - ok
21:48:46.0917 0x1b70 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:48:46.0933 0x1b70 HidUsb - ok
21:48:46.0948 0x1b70 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:48:47.0026 0x1b70 hkmsvc - ok
21:48:47.0057 0x1b70 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:48:47.0089 0x1b70 HomeGroupListener - ok
21:48:47.0120 0x1b70 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:48:47.0151 0x1b70 HomeGroupProvider - ok
21:48:47.0167 0x1b70 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:48:47.0182 0x1b70 HpSAMD - ok
21:48:47.0260 0x1b70 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:48:47.0385 0x1b70 HTTP - ok
21:48:47.0401 0x1b70 [ 5004E766075BADA25608489A7C649698, 685D6F5B99C06EF091BB126CA3FEADCA3ED3C05DD78B6709AF04A1DD0A030BAE ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
21:48:47.0432 0x1b70 huawei_cdcacm - ok
21:48:47.0447 0x1b70 [ D49D4E7B70AD6B1D04771AC1F7DB79C7, 093D8343CF769FC805308ED357EEF30E3D78569B817A20FE9884863A1FDBC028 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:48:47.0479 0x1b70 huawei_enumerator - ok
21:48:47.0525 0x1b70 [ C08814014290BF3AD581C0E9C5919269, 9C16822AC6B8977AAEFDB54C2B4295546461DD888060B62223EF20151790C934 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
21:48:47.0572 0x1b70 HWDeviceService64.exe - ok
21:48:47.0588 0x1b70 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:48:47.0603 0x1b70 hwpolicy - ok
21:48:47.0619 0x1b70 [ 26DA38304822C347DC65A9218C84A376, C765543D6EDDFFBAA7B262C484BAFD75993EDCF42C4FC9A0D945A63AF8708CCC ] hwusb_cdcacm C:\Windows\system32\DRIVERS\ew_cdcacm.sys
21:48:47.0650 0x1b70 hwusb_cdcacm - ok
21:48:47.0697 0x1b70 [ 8B1D65B96AA5D97C5C883279ABABD97B, EA2B804E67335352F4B318B01D334FF357CCAF0535059F1C4D57C1BD5C62AFAC ] hwusb_wwanecm C:\Windows\system32\DRIVERS\ew_wwanecm.sys
21:48:47.0728 0x1b70 hwusb_wwanecm - ok
21:48:47.0759 0x1b70 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:48:47.0775 0x1b70 i8042prt - ok
21:48:47.0853 0x1b70 [ 71341219FBB4BAB7F2462C4267DAB594, 0C6B684781D27F423D20186A40D7513DD6ABC38AD286D013791B37CBF5477A55 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
21:48:47.0900 0x1b70 iaStorA - ok
21:48:47.0915 0x1b70 [ B9D5AE799CB622C144AE5399C55EF29B, 5C2858590436EEDDE029C5448AEC3ACBB1C0FCED23F305302BAF831C6EC1654A ] iaStorF C:\Windows\system32\drivers\iaStorF.sys
21:48:47.0931 0x1b70 iaStorF - ok
21:48:47.0993 0x1b70 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:48:48.0025 0x1b70 iaStorV - ok
21:48:48.0056 0x1b70 [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys
21:48:48.0071 0x1b70 ibtusb - ok
21:48:48.0165 0x1b70 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:48:48.0243 0x1b70 idsvc - ok
21:48:48.0259 0x1b70 IEEtwCollectorService - ok
21:48:48.0664 0x1b70 [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:48:48.0961 0x1b70 igfx - ok
21:48:49.0007 0x1b70 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:48:49.0023 0x1b70 iirsp - ok
21:48:49.0117 0x1b70 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:48:49.0195 0x1b70 IKEEXT - ok
21:48:49.0507 0x1b70 [ 24709D61F21838470F1FCC8C9710A14B, 9C63EE2DCD97F27BC251F2B4337B6FE7963B086E435D12F9947D173AE678CA29 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:48:49.0741 0x1b70 IntcAzAudAddService - ok
21:48:49.0803 0x1b70 [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:48:49.0850 0x1b70 IntcDAud - ok
21:48:49.0943 0x1b70 [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:48:49.0990 0x1b70 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
21:48:52.0455 0x1b70 Detect skipped due to KSN trusted
21:48:52.0455 0x1b70 Intel(R) Capability Licensing Service Interface - ok
21:48:52.0533 0x1b70 [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:48:52.0595 0x1b70 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:48:52.0611 0x1b70 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:48:52.0627 0x1b70 intelide - ok
21:48:52.0642 0x1b70 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:48:52.0673 0x1b70 intelppm - ok
21:48:52.0754 0x1b70 [ 477BE2027FB0E5F50A6CD424BFDB3BAA, B9311F9F9685D13FA83B1E168EB6D3555ABAA8C402B4C47EB2629BA6F11444E8 ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
21:48:52.0801 0x1b70 Internet Manager. RunOuc - ok
21:48:52.0832 0x1b70 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:48:52.0910 0x1b70 IPBusEnum - ok
21:48:52.0925 0x1b70 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:48:53.0003 0x1b70 IpFilterDriver - ok
21:48:53.0066 0x1b70 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:48:53.0128 0x1b70 iphlpsvc - ok
21:48:53.0144 0x1b70 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:48:53.0159 0x1b70 IPMIDRV - ok
21:48:53.0191 0x1b70 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:48:53.0269 0x1b70 IPNAT - ok
21:48:53.0269 0x1b70 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:48:53.0315 0x1b70 IRENUM - ok
21:48:53.0315 0x1b70 [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys
21:48:53.0347 0x1b70 irstrtdv - ok
21:48:53.0425 0x1b70 [ 52BEB745BA22FB8BA70B9DB438711D94, 4563A3FF3B8339E6763750FA35C2729A301F18290C6218FECC2CA1780A98C462 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe
21:48:53.0487 0x1b70 irstrtsv - ok
21:48:53.0487 0x1b70 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:48:53.0503 0x1b70 isapnp - ok
21:48:53.0549 0x1b70 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:48:53.0581 0x1b70 iScsiPrt - ok
21:48:53.0581 0x1b70 [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
21:48:53.0596 0x1b70 iusb3hcs - ok
21:48:53.0643 0x1b70 [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:48:53.0659 0x1b70 iusb3hub - ok
21:48:53.0742 0x1b70 [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
21:48:53.0788 0x1b70 iusb3xhc - ok
21:48:53.0820 0x1b70 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:48:53.0835 0x1b70 jhi_service - ok
21:48:53.0851 0x1b70 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:48:53.0866 0x1b70 kbdclass - ok
21:48:53.0866 0x1b70 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:48:53.0898 0x1b70 kbdhid - ok
21:48:53.0898 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
21:48:53.0913 0x1b70 KeyIso - ok
21:48:53.0929 0x1b70 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:48:53.0944 0x1b70 KSecDD - ok
21:48:53.0960 0x1b70 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:48:53.0976 0x1b70 KSecPkg - ok
21:48:53.0991 0x1b70 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:48:54.0054 0x1b70 ksthunk - ok
21:48:54.0085 0x1b70 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:48:54.0163 0x1b70 KtmRm - ok
21:48:54.0194 0x1b70 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:48:54.0256 0x1b70 LanmanServer - ok
21:48:54.0272 0x1b70 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:48:54.0334 0x1b70 LanmanWorkstation - ok
21:48:54.0350 0x1b70 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:48:54.0412 0x1b70 lltdio - ok
21:48:54.0444 0x1b70 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:48:54.0522 0x1b70 lltdsvc - ok
21:48:54.0522 0x1b70 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:48:54.0584 0x1b70 lmhosts - ok
21:48:54.0631 0x1b70 [ 08E2B577DB95156F9A658C988EE71F5D, D229FFD97EE9478169D2418A722FD2AD6AD10108FF1B0156BE9A1ADF38B5633A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:48:54.0662 0x1b70 LMS - ok
21:48:54.0683 0x1b70 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:48:54.0698 0x1b70 LSI_FC - ok
21:48:54.0714 0x1b70 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:48:54.0729 0x1b70 LSI_SAS - ok
21:48:54.0745 0x1b70 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:48:54.0761 0x1b70 LSI_SAS2 - ok
21:48:54.0776 0x1b70 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:48:54.0792 0x1b70 LSI_SCSI - ok
21:48:54.0807 0x1b70 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:48:54.0885 0x1b70 luafv - ok
21:48:54.0901 0x1b70 [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:48:54.0932 0x1b70 MBAMProtector - ok
21:48:54.0995 0x1b70 [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
21:48:55.0073 0x1b70 MBAMService - ok
21:48:55.0088 0x1b70 [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
21:48:55.0104 0x1b70 MBAMWebAccessControl - ok
21:48:55.0119 0x1b70 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:48:55.0151 0x1b70 Mcx2Svc - ok
21:48:55.0166 0x1b70 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
21:48:55.0182 0x1b70 megasas - ok
21:48:55.0213 0x1b70 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:48:55.0244 0x1b70 MegaSR - ok
21:48:55.0275 0x1b70 [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
21:48:55.0291 0x1b70 MEIx64 - ok
21:48:55.0307 0x1b70 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:48:55.0385 0x1b70 MMCSS - ok
21:48:55.0400 0x1b70 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:48:55.0478 0x1b70 Modem - ok
21:48:55.0478 0x1b70 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:48:55.0509 0x1b70 monitor - ok
21:48:55.0525 0x1b70 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:48:55.0541 0x1b70 mouclass - ok
21:48:55.0556 0x1b70 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:48:55.0572 0x1b70 mouhid - ok
21:48:55.0587 0x1b70 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:48:55.0619 0x1b70 mountmgr - ok
21:48:55.0634 0x1b70 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:48:55.0665 0x1b70 mpio - ok
21:48:55.0681 0x1b70 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:48:55.0748 0x1b70 mpsdrv - ok
21:48:55.0842 0x1b70 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:48:55.0951 0x1b70 MpsSvc - ok
21:48:55.0982 0x1b70 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:48:56.0014 0x1b70 MRxDAV - ok
21:48:56.0029 0x1b70 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:56.0060 0x1b70 mrxsmb - ok
21:48:56.0092 0x1b70 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:56.0123 0x1b70 mrxsmb10 - ok
21:48:56.0138 0x1b70 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:56.0170 0x1b70 mrxsmb20 - ok
21:48:56.0185 0x1b70 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:48:56.0201 0x1b70 msahci - ok
21:48:56.0216 0x1b70 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:48:56.0248 0x1b70 msdsm - ok
21:48:56.0263 0x1b70 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:48:56.0294 0x1b70 MSDTC - ok
21:48:56.0310 0x1b70 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:48:56.0388 0x1b70 Msfs - ok
21:48:56.0404 0x1b70 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:48:56.0482 0x1b70 mshidkmdf - ok
21:48:56.0482 0x1b70 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:48:56.0497 0x1b70 msisadrv - ok
21:48:56.0528 0x1b70 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:48:56.0606 0x1b70 MSiSCSI - ok
21:48:56.0622 0x1b70 msiserver - ok
21:48:56.0622 0x1b70 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:48:56.0703 0x1b70 MSKSSRV - ok
21:48:56.0703 0x1b70 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:56.0781 0x1b70 MSPCLOCK - ok
21:48:56.0796 0x1b70 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:48:56.0859 0x1b70 MSPQM - ok
21:48:56.0905 0x1b70 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:48:56.0937 0x1b70 MsRPC - ok
21:48:56.0952 0x1b70 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:48:56.0983 0x1b70 mssmbios - ok
21:48:56.0983 0x1b70 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:48:57.0061 0x1b70 MSTEE - ok
21:48:57.0077 0x1b70 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:48:57.0093 0x1b70 MTConfig - ok
21:48:57.0108 0x1b70 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:48:57.0124 0x1b70 Mup - ok
21:48:57.0155 0x1b70 [ 0F2D4F6F18910DADD7F8C25F12569571, 8C50DDA70F0EFD133DF51BC07062D1E89D141B75EFA718BAFA65D2190F885686 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:48:57.0186 0x1b70 MyWiFiDHCPDNS - ok
21:48:57.0233 0x1b70 [ 3AF44CF68583D76B7F14722E6E8C04A9, 18C81D4574C8131D060693B5E9FE9C87789792D27FB97B76E2B05CA703FCC1F6 ] NanoServiceMain C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
21:48:57.0249 0x1b70 NanoServiceMain - ok
21:48:57.0295 0x1b70 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:48:57.0405 0x1b70 napagent - ok
21:48:57.0451 0x1b70 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:48:57.0498 0x1b70 NativeWifiP - ok
21:48:57.0576 0x1b70 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
21:48:57.0654 0x1b70 NDIS - ok
21:48:57.0670 0x1b70 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:48:57.0748 0x1b70 NdisCap - ok
21:48:57.0748 0x1b70 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:57.0826 0x1b70 NdisTapi - ok
21:48:57.0841 0x1b70 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:57.0919 0x1b70 Ndisuio - ok
21:48:57.0935 0x1b70 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:58.0013 0x1b70 NdisWan - ok
21:48:58.0029 0x1b70 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:48:58.0107 0x1b70 NDProxy - ok
21:48:58.0107 0x1b70 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:48:58.0185 0x1b70 NetBIOS - ok
21:48:58.0216 0x1b70 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:48:58.0309 0x1b70 NetBT - ok
21:48:58.0309 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
21:48:58.0341 0x1b70 Netlogon - ok
21:48:58.0372 0x1b70 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:48:58.0465 0x1b70 Netman - ok
21:48:58.0512 0x1b70 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:58.0543 0x1b70 NetMsmqActivator - ok
21:48:58.0559 0x1b70 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:58.0590 0x1b70 NetPipeActivator - ok
21:48:58.0637 0x1b70 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:48:58.0749 0x1b70 netprofm - ok
21:48:58.0764 0x1b70 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:58.0795 0x1b70 NetTcpActivator - ok
21:48:58.0811 0x1b70 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:58.0842 0x1b70 NetTcpPortSharing - ok
21:48:59.0217 0x1b70 [ AC4ADBF02E7AED8B4C7F3099D920BCED, 907CB2D81BC7DB77A488FE074B0228592A05238F0409FB3690FDB734614518A2 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwsw02.sys
21:48:59.0451 0x1b70 NETwNs64 - ok
21:48:59.0466 0x1b70 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:48:59.0497 0x1b70 nfrd960 - ok
21:48:59.0529 0x1b70 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:48:59.0560 0x1b70 NlaSvc - ok
21:48:59.0575 0x1b70 [ 4516E83F2C561074EF313E953398A883, 6997DE0C5B4972D90FA903C124B31BB6CA7789CADC5C4F84F43ECE857104B4BC ] NNSALPC C:\Windows\system32\DRIVERS\NNSAlpc.sys
21:48:59.0607 0x1b70 NNSALPC - ok
21:48:59.0622 0x1b70 [ 43C2B47B6DABA4589900446D029FF2E8, 564CA5B27266A8897FBF76F9AE3BA070835EB8679315F67FB6CC33A2D145D077 ] NNSHTTP C:\Windows\system32\DRIVERS\NNSHttp.sys
21:48:59.0638 0x1b70 NNSHTTP - ok
21:48:59.0669 0x1b70 [ 3243F6EAB60ABD6B41C4E7C1DD58D5B2, 59685A60AADC8EBA0559D0E2071689B85EBD8CB016A777F58F7E2D5490B76F6F ] NNSHTTPS C:\Windows\system32\DRIVERS\NNSHttps.sys
21:48:59.0685 0x1b70 NNSHTTPS - ok
21:48:59.0705 0x1b70 [ 7EE82878FF544EA90979D021A0E719E2, 93F045D16F478D994974396EC903CADAE0292FF837D06F47709DB5C20F7737C9 ] NNSIDS C:\Windows\system32\DRIVERS\NNSIds.sys
21:48:59.0736 0x1b70 NNSIDS - ok
21:48:59.0752 0x1b70 [ 2F203B131100EC5575BBFC868E8BB5E0, 901F874854C96D1B7B8ED545DE75C60ED31A36E9DAB99A7F4E96709CB9FEE583 ] NNSPICC C:\Windows\system32\DRIVERS\NNSPicc.sys
21:48:59.0768 0x1b70 NNSPICC - ok
21:48:59.0783 0x1b70 [ 0C71237EC1E2FA452562270BDBA1AFB9, C2315E9C29EB168E4B89F8587320D2471F5CBE44CB53F7D4D7ECC4C471C6C039 ] NNSPIHSW C:\Windows\system32\DRIVERS\NNSPihsw.sys
21:48:59.0814 0x1b70 NNSPIHSW - ok
21:48:59.0830 0x1b70 [ D622E5079A58C34FAAB9877B4599136E, 7E4B1AF98DECD12F2AC305C8630BA31B45643565012B6A2F999B63628BD43BD3 ] NNSPOP3 C:\Windows\system32\DRIVERS\NNSPop3.sys
21:48:59.0861 0x1b70 NNSPOP3 - ok
21:48:59.0892 0x1b70 [ 2BC361B791886478EECEB763BB2D4A3D, B8E0B7EA237B588A90343110E22A989D01C742E2EE5A77974AB99E083EFDCB15 ] NNSPROT C:\Windows\system32\DRIVERS\NNSProt.sys
21:48:59.0939 0x1b70 NNSPROT - ok
21:48:59.0955 0x1b70 [ 3F00FEF52455214CCFEF97D4CC7C5946, AB7CECF14DE6E4F5EE76B7456D5B92CC73197C552B53FD59DA261A398ECE3130 ] NNSPRV C:\Windows\system32\DRIVERS\NNSPrv.sys
21:48:59.0986 0x1b70 NNSPRV - ok
21:49:00.0002 0x1b70 [ 193CB6CDCB81AAB58E69A0CC84CB34BC, B79A0646358D592AE0A06C34AF3AEDACAAB14A782C4E1BED3E6688B822C91574 ] NNSSMTP C:\Windows\system32\DRIVERS\NNSSmtp.sys
21:49:00.0017 0x1b70 NNSSMTP - ok
21:49:00.0064 0x1b70 [ 495B24E7C9EE8AA58478E6AC057FF5CE, AF8D85D5486988B8D487E983DC81E1116DE80C2AC956C70C7B0A0AC12882EB25 ] NNSSTRM C:\Windows\system32\DRIVERS\NNSStrm.sys
21:49:00.0095 0x1b70 NNSSTRM - ok
21:49:00.0111 0x1b70 [ EF3C5E7443ACA2472B77AD16B1DF9EBB, ECEB9E46B1231064A60C9D0893A683736549D9447E41D28B99DFC6CB0D7C52BA ] NNSTLSC C:\Windows\system32\DRIVERS\NNSTlsc.sys
21:49:00.0126 0x1b70 NNSTLSC - ok
21:49:00.0142 0x1b70 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:49:00.0220 0x1b70 Npfs - ok
21:49:00.0236 0x1b70 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:49:00.0314 0x1b70 nsi - ok
21:49:00.0314 0x1b70 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:49:00.0392 0x1b70 nsiproxy - ok
21:49:00.0563 0x1b70 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:49:00.0672 0x1b70 Ntfs - ok
21:49:00.0688 0x1b70 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:49:00.0771 0x1b70 Null - ok
21:49:00.0787 0x1b70 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:49:00.0818 0x1b70 nvraid - ok
21:49:00.0833 0x1b70 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:49:00.0865 0x1b70 nvstor - ok
21:49:00.0880 0x1b70 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:49:00.0911 0x1b70 nv_agp - ok
21:49:00.0911 0x1b70 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:49:00.0943 0x1b70 ohci1394 - ok
21:49:00.0974 0x1b70 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:49:00.0989 0x1b70 ose - ok
21:49:01.0489 0x1b70 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:49:01.0790 0x1b70 osppsvc - ok
21:49:01.0837 0x1b70 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:49:01.0868 0x1b70 p2pimsvc - ok
21:49:01.0915 0x1b70 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:49:01.0962 0x1b70 p2psvc - ok
21:49:01.0977 0x1b70 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
21:49:01.0993 0x1b70 Parport - ok
21:49:02.0008 0x1b70 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:49:02.0024 0x1b70 partmgr - ok
21:49:02.0040 0x1b70 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:49:02.0071 0x1b70 PcaSvc - ok
21:49:02.0102 0x1b70 [ B26E102E0F54773119B162F56C9DD994, B28724DF87E838CFF7AC0E70E66C5F8FFA21B66BAEF8AE9CA148A7B51EF316CF ] pci C:\Windows\system32\drivers\pci.sys
21:49:02.0118 0x1b70 pci - ok
21:49:02.0133 0x1b70 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:49:02.0149 0x1b70 pciide - ok
21:49:02.0164 0x1b70 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:49:02.0196 0x1b70 pcmcia - ok
21:49:02.0211 0x1b70 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:49:02.0227 0x1b70 pcw - ok
21:49:02.0258 0x1b70 [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
21:49:02.0289 0x1b70 PDFProFiltSrvPP - ok
21:49:02.0336 0x1b70 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:49:02.0398 0x1b70 PEAUTH - ok
21:49:02.0523 0x1b70 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:49:02.0632 0x1b70 PeerDistSvc - ok
21:49:02.0695 0x1b70 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:49:02.0731 0x1b70 PerfHost - ok
21:49:02.0949 0x1b70 [ AB5CB118C78A43CFDACFA2E7F1A18515, 9C37965D6D9DC260D5219A6811938228792CD2DDCF4C13FAE6AF592C70775476 ] PFNService C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
21:49:03.0105 0x1b70 PFNService - detected UnsignedFile.Multi.Generic ( 1 )
21:49:05.0903 0x1b70 PFNService ( UnsignedFile.Multi.Generic ) - warning
21:49:08.0622 0x1b70 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:49:08.0794 0x1b70 pla - ok
21:49:08.0856 0x1b70 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:49:08.0903 0x1b70 PlugPlay - ok
21:49:08.0903 0x1b70 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:49:08.0934 0x1b70 PNRPAutoReg - ok
21:49:08.0965 0x1b70 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:49:09.0012 0x1b70 PNRPsvc - ok
21:49:09.0075 0x1b70 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:49:09.0168 0x1b70 PolicyAgent - ok
21:49:09.0199 0x1b70 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
21:49:09.0231 0x1b70 Power - ok
21:49:09.0246 0x1b70 [ 52598639202DE0CEAEC6E71E6A0E0E69, 1E3B9781BBB146441D94D6A07BC97D0175A866CBE9D7CA06D9ADFB41D1238F13 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
21:49:09.0262 0x1b70 PowerSavingUtilityService - ok
21:49:09.0277 0x1b70 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:49:09.0355 0x1b70 PptpMiniport - ok
21:49:09.0371 0x1b70 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
21:49:09.0387 0x1b70 Processor - ok
21:49:09.0418 0x1b70 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
21:49:09.0449 0x1b70 ProfSvc - ok
21:49:09.0465 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:49:09.0480 0x1b70 ProtectedStorage - ok
21:49:09.0496 0x1b70 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:49:09.0574 0x1b70 Psched - ok
21:49:09.0605 0x1b70 [ AA0C0C6F0400B8D314F84B06524DEDAA, 12EF0446F9D139954443178EAF6EB53B9E6BA6F0242FBD99C0EB85D65F0CB54B ] PSINAflt C:\Windows\system32\DRIVERS\PSINAflt.sys
21:49:09.0636 0x1b70 PSINAflt - ok
21:49:09.0652 0x1b70 [ D04814EC1362ECA6E830B638DA7AD283, 3677794BF5CBF646624940B85A84D0ECCA5F4214FE2BB2CF679419E53EA5A9A5 ] PSINDvct C:\Windows\system32\DRIVERS\PSINDvct.sys
21:49:09.0667 0x1b70 PSINDvct - ok
21:49:09.0683 0x1b70 [ CD2E70AFCAC449F9ECA9E12398A45F54, 3D21CAE9FBD5174E92FBDE5C60BD3F0A77E8D54CA13C8D6591B0B3A6258F74F6 ] PSINFile C:\Windows\system32\DRIVERS\PSINFile.sys
21:49:09.0714 0x1b70 PSINFile - ok
21:49:09.0745 0x1b70 [ 17ECD423F49440F9917772DF88B2751D, 3841009CC8FAFFC5B2E4B19DB56F7F5D5BFF07056E26285392DC319C5C4BB5D2 ] PSINKNC C:\Windows\system32\DRIVERS\psinknc.sys
21:49:09.0761 0x1b70 PSINKNC - ok
21:49:09.0792 0x1b70 [ D957484B7406785A574C19639A49E919, 8B4F6786AFB964476E63E028ED42C38ADE0285BBE560F7400E5DD9A1A083FEB6 ] PSINProc C:\Windows\system32\DRIVERS\PSINProc.sys
21:49:09.0808 0x1b70 PSINProc - ok
21:49:09.0839 0x1b70 [ 1F008396FC4FD5D997ECEBC62A77F3EB, 812BC1DF0F1F583FC015B9369BC55DFDDF0A59FFCC2FA8695A7E1629172F5617 ] PSINProt C:\Windows\system32\DRIVERS\PSINProt.sys
21:49:09.0855 0x1b70 PSINProt - ok
21:49:09.0870 0x1b70 [ B3D55D17538F0FE4373206E82600D612, CDA83A92CF67280D5A17E203ED4C55E2BE93F8200B115B6BA33664861F0E5130 ] PSKMAD C:\Windows\system32\DRIVERS\PSKMAD.sys
21:49:09.0886 0x1b70 PSKMAD - ok
21:49:09.0917 0x1b70 [ 7C25265ABD16AA13BFFDDCFF2C204402, BBCF14646E2A50F25B020A14B7AD6C4868D4E76418336F85DA5DECBA690F1733 ] PSUAService C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
21:49:09.0933 0x1b70 PSUAService - ok
21:49:10.0073 0x1b70 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:49:10.0182 0x1b70 ql2300 - ok
21:49:10.0213 0x1b70 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:49:10.0245 0x1b70 ql40xx - ok
21:49:10.0260 0x1b70 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:49:10.0323 0x1b70 QWAVE - ok
21:49:10.0323 0x1b70 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:49:10.0369 0x1b70 QWAVEdrv - ok
21:49:10.0369 0x1b70 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:49:10.0447 0x1b70 RasAcd - ok
21:49:10.0463 0x1b70 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:49:10.0541 0x1b70 RasAgileVpn - ok
21:49:10.0557 0x1b70 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:49:10.0635 0x1b70 RasAuto - ok
21:49:10.0650 0x1b70 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:49:10.0728 0x1b70 Rasl2tp - ok
21:49:10.0775 0x1b70 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:49:10.0869 0x1b70 RasMan - ok
21:49:10.0884 0x1b70 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:49:10.0962 0x1b70 RasPppoe - ok
21:49:10.0978 0x1b70 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:49:11.0056 0x1b70 RasSstp - ok
21:49:11.0103 0x1b70 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:49:11.0181 0x1b70 rdbss - ok
21:49:11.0196 0x1b70 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:49:11.0227 0x1b70 rdpbus - ok
21:49:11.0243 0x1b70 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:49:11.0305 0x1b70 RDPCDD - ok
21:49:11.0337 0x1b70 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:49:11.0368 0x1b70 RDPDR - ok
21:49:11.0368 0x1b70 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:49:11.0446 0x1b70 RDPENCDD - ok
21:49:11.0461 0x1b70 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:49:11.0539 0x1b70 RDPREFMP - ok
21:49:11.0555 0x1b70 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:49:11.0571 0x1b70 RdpVideoMiniport - ok
21:49:11.0602 0x1b70 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:49:11.0633 0x1b70 RDPWD - ok
21:49:11.0664 0x1b70 [ A115F49BEA840A5F049BC6310F35F776, 3A4D681959A493ECC24C4B0925F5F4FD336F93C317198C210907E466D3F704CA ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:49:11.0695 0x1b70 rdyboost - ok
21:49:11.0711 0x1b70 [ 51D90954481235A14CB5264C34CEC68B, E0C006A232201F24D29268910D2FE5AA36099AA90853A89335D0C76A369F821B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:49:11.0742 0x1b70 RegSrvc - ok
21:49:11.0758 0x1b70 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:49:11.0836 0x1b70 RemoteAccess - ok
21:49:11.0851 0x1b70 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:49:11.0945 0x1b70 RemoteRegistry - ok
21:49:11.0961 0x1b70 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:49:12.0007 0x1b70 RFCOMM - ok
21:49:12.0023 0x1b70 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:49:12.0101 0x1b70 RpcEptMapper - ok
21:49:12.0101 0x1b70 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:49:12.0132 0x1b70 RpcLocator - ok
21:49:12.0179 0x1b70 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:49:12.0288 0x1b70 RpcSs - ok
21:49:12.0304 0x1b70 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:49:12.0382 0x1b70 rspndr - ok
21:49:12.0429 0x1b70 [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys
21:49:12.0475 0x1b70 RTSPER - ok
21:49:13.0209 0x1b70 [ 47A84C885605E924B39FDBD9A5F49120, BFFF96F768FA2E891D57511478ABA885A3E03A5990ED74B9009A48E73D99C4AC ] rtsuvc C:\Windows\system32\DRIVERS\rtsuvc.sys
21:49:13.0723 0x1b70 rtsuvc - ok
21:49:13.0770 0x1b70 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:49:13.0786 0x1b70 s3cap - ok
21:49:13.0801 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
21:49:13.0817 0x1b70 SamSs - ok
21:49:13.0833 0x1b70 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:49:13.0864 0x1b70 sbp2port - ok
21:49:13.0879 0x1b70 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:49:13.0973 0x1b70 SCardSvr - ok
21:49:13.0989 0x1b70 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:49:14.0051 0x1b70 scfilter - ok
21:49:14.0160 0x1b70 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
21:49:14.0301 0x1b70 Schedule - ok
21:49:14.0316 0x1b70 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:49:14.0394 0x1b70 SCPolicySvc - ok
21:49:14.0425 0x1b70 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:49:14.0457 0x1b70 SDRSVC - ok
21:49:14.0457 0x1b70 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:49:14.0535 0x1b70 secdrv - ok
21:49:14.0550 0x1b70 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:49:14.0628 0x1b70 seclogon - ok
21:49:14.0644 0x1b70 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
21:49:14.0722 0x1b70 SENS - ok
21:49:14.0737 0x1b70 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:49:14.0753 0x1b70 SensrSvc - ok
21:49:14.0769 0x1b70 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:49:14.0784 0x1b70 Serenum - ok
21:49:14.0800 0x1b70 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:49:14.0831 0x1b70 Serial - ok
21:49:14.0831 0x1b70 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:49:14.0862 0x1b70 sermouse - ok
21:49:14.0893 0x1b70 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:49:14.0971 0x1b70 SessionEnv - ok
21:49:14.0971 0x1b70 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:49:15.0003 0x1b70 sffdisk - ok
21:49:15.0018 0x1b70 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:49:15.0049 0x1b70 sffp_mmc - ok
21:49:15.0049 0x1b70 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:49:15.0081 0x1b70 sffp_sd - ok
21:49:15.0096 0x1b70 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:49:15.0112 0x1b70 sfloppy - ok
21:49:15.0159 0x1b70 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:49:15.0252 0x1b70 SharedAccess - ok
21:49:15.0299 0x1b70 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:49:15.0393 0x1b70 ShellHWDetection - ok
21:49:15.0408 0x1b70 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:49:15.0424 0x1b70 SiSRaid2 - ok
21:49:15.0439 0x1b70 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:49:15.0471 0x1b70 SiSRaid4 - ok
21:49:15.0486 0x1b70 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:49:15.0564 0x1b70 Smb - ok
21:49:15.0580 0x1b70 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:49:15.0595 0x1b70 SNMPTRAP - ok
21:49:15.0611 0x1b70 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
21:49:15.0627 0x1b70 spldr - ok
21:49:15.0689 0x1b70 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
21:49:15.0751 0x1b70 Spooler - ok
21:49:16.0095 0x1b70 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
21:49:16.0360 0x1b70 sppsvc - ok
21:49:16.0391 0x1b70 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:49:16.0453 0x1b70 sppuinotify - ok
21:49:16.0500 0x1b70 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:49:16.0547 0x1b70 srv - ok
21:49:16.0578 0x1b70 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:49:16.0625 0x1b70 srv2 - ok
21:49:16.0641 0x1b70 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:49:16.0656 0x1b70 srvnet - ok
21:49:16.0687 0x1b70 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:49:16.0765 0x1b70 SSDPSRV - ok
21:49:16.0781 0x1b70 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:49:16.0859 0x1b70 SstpSvc - ok
21:49:16.0859 0x1b70 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:49:16.0875 0x1b70 stexstor - ok
21:49:16.0937 0x1b70 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
21:49:16.0999 0x1b70 stisvc - ok
21:49:17.0015 0x1b70 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:49:17.0031 0x1b70 storflt - ok
21:49:17.0046 0x1b70 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
21:49:17.0062 0x1b70 StorSvc - ok
21:49:17.0077 0x1b70 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:49:17.0093 0x1b70 storvsc - ok
21:49:17.0109 0x1b70 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
21:49:17.0124 0x1b70 swenum - ok
21:49:17.0171 0x1b70 [ 07174612514E565929886D7BC3D2206F, DE8D286F0A35FF0A0516E847E24C6A028B5988AC0B334A5A0AB2A4847FC3DE8D ] SWGVCSvc C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
21:49:17.0202 0x1b70 SWGVCSvc - ok
21:49:17.0218 0x1b70 [ F250B5AD0529E8D9E588B8529E479C5A, 5773FD4DE6A8FB8DCBA961EC4ACC55357428BDAD24DC96BF241CC2853FB73EB6 ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
21:49:17.0249 0x1b70 SWIPsec - ok
21:49:17.0296 0x1b70 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
21:49:17.0389 0x1b70 swprv - ok
21:49:17.0389 0x1b70 [ DCF11E08A8524B19EC47515C22BE492E, 538A8C62FA25B37B9A8F23FB61A343C79767829CE6B408AADF941DCB5ABF225A ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
21:49:17.0405 0x1b70 SWVNIC - ok
21:49:17.0467 0x1b70 [ DB9EF6FB07748CCD3075C15BEB41FDFE, 96F4D946F67987FC49DBA503D44FB10A711F2C4CEEC30D29FF90B60A6F9E8EE9 ] SynTP C:\Windows\system32\drivers\SynTP.sys
21:49:17.0499 0x1b70 SynTP - ok
21:49:17.0686 0x1b70 [ 7BE4CDEA6BC7832BFE3112A350D8B9EA, B51BD5A02D20C1CD8F7B4326114C2FA57ABD8D75133D6CE906CB65E97AAB7F70 ] SysMain C:\Windows\system32\sysmain.dll
21:49:17.0811 0x1b70 SysMain - ok
21:49:17.0842 0x1b70 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:49:17.0873 0x1b70 TabletInputService - ok
21:49:17.0920 0x1b70 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:49:18.0013 0x1b70 TapiSrv - ok
21:49:18.0013 0x1b70 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
21:49:18.0107 0x1b70 TBS - ok
21:49:18.0247 0x1b70 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:49:18.0388 0x1b70 Tcpip - ok
21:49:18.0544 0x1b70 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:49:18.0684 0x1b70 TCPIP6 - ok
21:49:18.0700 0x1b70 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:49:18.0731 0x1b70 tcpipreg - ok
21:49:18.0747 0x1b70 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:49:18.0762 0x1b70 TDPIPE - ok
21:49:18.0762 0x1b70 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:49:18.0793 0x1b70 TDTCP - ok
21:49:18.0809 0x1b70 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:49:18.0887 0x1b70 tdx - ok
21:49:18.0903 0x1b70 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
21:49:18.0918 0x1b70 TermDD - ok
21:49:18.0996 0x1b70 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
21:49:19.0059 0x1b70 TermService - ok
21:49:19.0074 0x1b70 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
21:49:19.0105 0x1b70 Themes - ok
21:49:19.0121 0x1b70 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
21:49:19.0199 0x1b70 THREADORDER - ok
21:49:19.0215 0x1b70 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
21:49:19.0246 0x1b70 TPM - ok
21:49:19.0261 0x1b70 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
21:49:19.0339 0x1b70 TrkWks - ok
21:49:19.0371 0x1b70 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:49:19.0449 0x1b70 TrustedInstaller - ok
21:49:19.0464 0x1b70 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:49:19.0480 0x1b70 tssecsrv - ok
21:49:19.0495 0x1b70 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:49:19.0527 0x1b70 TsUsbFlt - ok
21:49:19.0527 0x1b70 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:49:19.0558 0x1b70 TsUsbGD - ok
21:49:19.0573 0x1b70 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:49:19.0651 0x1b70 tunnel - ok
21:49:19.0667 0x1b70 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:49:19.0683 0x1b70 uagp35 - ok
21:49:19.0729 0x1b70 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:49:19.0823 0x1b70 udfs - ok
21:49:19.0839 0x1b70 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:49:19.0870 0x1b70 UI0Detect - ok
21:49:19.0885 0x1b70 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:49:19.0901 0x1b70 uliagpkx - ok
21:49:19.0917 0x1b70 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:49:19.0948 0x1b70 umbus - ok
21:49:19.0948 0x1b70 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
21:49:19.0979 0x1b70 UmPass - ok
21:49:19.0995 0x1b70 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
21:49:20.0041 0x1b70 UmRdpService - ok
21:49:20.0073 0x1b70 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
21:49:20.0182 0x1b70 upnphost - ok
21:49:20.0197 0x1b70 [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:49:20.0229 0x1b70 usbccgp - ok
21:49:20.0244 0x1b70 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:49:20.0260 0x1b70 usbcir - ok
21:49:20.0275 0x1b70 [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:49:20.0307 0x1b70 usbehci - ok
21:49:20.0338 0x1b70 [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:49:20.0385 0x1b70 usbhub - ok
21:49:20.0400 0x1b70 [ F4A4255E930B6D007A3501C35A3DACC4, E0D0EF801100BE57A199A483330A80FB6C6FF29AEBF3380BEE16BB364A8D7FC7 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:49:20.0416 0x1b70 usbohci - ok
21:49:20.0431 0x1b70 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:49:20.0463 0x1b70 usbprint - ok
21:49:20.0478 0x1b70 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:49:20.0494 0x1b70 USBSTOR - ok
21:49:20.0509 0x1b70 [ 9462E6B70615C1703D4A95FA61FC54A1, A66E75A42E58E126F575F1AFC3BE47E119CF53431CED511776D878A78F597015 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:49:20.0541 0x1b70 usbuhci - ok
21:49:20.0556 0x1b70 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:49:20.0587 0x1b70 usbvideo - ok
21:49:20.0603 0x1b70 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
21:49:20.0681 0x1b70 UxSms - ok
21:49:20.0697 0x1b70 [ 58BC0FCE15EE02CEA5AE6D897E97F0DB, 8035C226FCD7DAE47EAD45E318B67050B447BC6AEF3C40A36ADB4419535053A5 ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
21:49:20.0712 0x1b70 valWBFPolicyService - detected UnsignedFile.Multi.Generic ( 1 )
21:49:23.0146 0x1b70 Detect skipped due to KSN trusted
21:49:23.0146 0x1b70 valWBFPolicyService - ok
21:49:23.0146 0x1b70 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
21:49:23.0177 0x1b70 VaultSvc - ok
21:49:23.0193 0x1b70 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:49:23.0208 0x1b70 vdrvroot - ok
21:49:23.0271 0x1b70 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
21:49:23.0364 0x1b70 vds - ok
21:49:23.0380 0x1b70 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:49:23.0411 0x1b70 vga - ok
21:49:23.0427 0x1b70 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:49:23.0489 0x1b70 VgaSave - ok
21:49:23.0520 0x1b70 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:49:23.0551 0x1b70 vhdmp - ok
21:49:23.0567 0x1b70 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
21:49:23.0583 0x1b70 viaide - ok
21:49:23.0614 0x1b70 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:49:23.0645 0x1b70 vmbus - ok
21:49:23.0645 0x1b70 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:49:23.0676 0x1b70 VMBusHID - ok
21:49:23.0692 0x1b70 [ 071E1B172D49154EE1D23A2ACC472EFB, 2E75ECE68F911F1FB0E8BEEFD8C7B8F794164335E1A1F2CE5D14126C9445BB7C ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:49:23.0707 0x1b70 volmgr - ok
21:49:23.0754 0x1b70 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:49:23.0801 0x1b70 volmgrx - ok
21:49:23.0832 0x1b70 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:49:23.0863 0x1b70 volsnap - ok
21:49:23.0895 0x1b70 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:49:23.0910 0x1b70 vsmraid - ok
21:49:24.0066 0x1b70 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
21:49:24.0238 0x1b70 VSS - ok
21:49:24.0253 0x1b70 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:49:24.0269 0x1b70 vwifibus - ok
21:49:24.0285 0x1b70 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:49:24.0316 0x1b70 vwififlt - ok
21:49:24.0316 0x1b70 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:49:24.0347 0x1b70 vwifimp - ok
21:49:24.0378 0x1b70 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
21:49:24.0456 0x1b70 W32Time - ok
21:49:24.0472 0x1b70 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:49:24.0503 0x1b70 WacomPen - ok
21:49:24.0550 0x1b70 [ 990B01216C7569C887AA46A18851BEF3, D7C9C476CE636D9AD636FB6E7C10CEEFE769D697235A4206B00440C169024CA5 ] WAHost C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
21:49:24.0597 0x1b70 WAHost - ok
21:49:24.0612 0x1b70 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:49:24.0675 0x1b70 WANARP - ok
21:49:24.0690 0x1b70 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:49:24.0753 0x1b70 Wanarpv6 - ok
21:49:24.0862 0x1b70 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
21:49:24.0955 0x1b70 wbengine - ok
21:49:24.0987 0x1b70 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:49:25.0033 0x1b70 WbioSrvc - ok
21:49:25.0065 0x1b70 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:49:25.0127 0x1b70 wcncsvc - ok
21:49:25.0143 0x1b70 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:49:25.0174 0x1b70 WcsPlugInService - ok
21:49:25.0174 0x1b70 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
21:49:25.0189 0x1b70 Wd - ok
21:49:25.0283 0x1b70 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:49:25.0345 0x1b70 Wdf01000 - ok
21:49:25.0361 0x1b70 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:49:25.0408 0x1b70 WdiServiceHost - ok
21:49:25.0423 0x1b70 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:49:25.0455 0x1b70 WdiSystemHost - ok
21:49:25.0486 0x1b70 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
21:49:25.0533 0x1b70 WebClient - ok
21:49:25.0564 0x1b70 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:49:25.0642 0x1b70 Wecsvc - ok
21:49:25.0657 0x1b70 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:49:25.0735 0x1b70 wercplsupport - ok
21:49:25.0751 0x1b70 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
21:49:25.0845 0x1b70 WerSvc - ok
21:49:25.0845 0x1b70 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:49:25.0907 0x1b70 WfpLwf - ok
21:49:25.0923 0x1b70 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:49:25.0938 0x1b70 WIMMount - ok
21:49:25.0938 0x1b70 WinDefend - ok
21:49:25.0954 0x1b70 WinHttpAutoProxySvc - ok
21:49:25.0985 0x1b70 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:49:26.0047 0x1b70 Winmgmt - ok
21:49:26.0219 0x1b70 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
21:49:26.0422 0x1b70 WinRM - ok
21:49:26.0453 0x1b70 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUSB.sys
21:49:26.0484 0x1b70 WinUsb - ok
21:49:26.0562 0x1b70 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:49:26.0640 0x1b70 Wlansvc - ok
21:49:26.0656 0x1b70 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:49:26.0687 0x1b70 WmiAcpi - ok
21:49:26.0703 0x1b70 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:49:26.0749 0x1b70 wmiApSrv - ok
21:49:26.0749 0x1b70 WMPNetworkSvc - ok
21:49:26.0765 0x1b70 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:49:26.0781 0x1b70 WPCSvc - ok
21:49:26.0796 0x1b70 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:49:26.0827 0x1b70 WPDBusEnum - ok
21:49:26.0843 0x1b70 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:49:26.0921 0x1b70 ws2ifsl - ok
21:49:26.0937 0x1b70 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
21:49:26.0983 0x1b70 wscsvc - ok
21:49:26.0983 0x1b70 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:49:27.0015 0x1b70 WSDPrintDevice - ok
21:49:27.0030 0x1b70 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
21:49:27.0046 0x1b70 WSDScan - ok
21:49:27.0061 0x1b70 WSearch - ok
21:49:27.0311 0x1b70 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
21:49:27.0498 0x1b70 wuauserv - ok
21:49:27.0514 0x1b70 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:49:27.0545 0x1b70 WudfPf - ok
21:49:27.0576 0x1b70 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:49:27.0607 0x1b70 WUDFRd - ok
21:49:27.0623 0x1b70 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:49:27.0654 0x1b70 wudfsvc - ok
21:49:27.0685 0x1b70 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:49:27.0717 0x1b70 WwanSvc - ok
21:49:28.0013 0x1b70 [ E6B8EB4EE9C4DB54EB7C413A173D877B, 9579BE94E61A32E4FFD1477FF058697555679A78AB90EA73C7D7850151C7E1E7 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:49:28.0231 0x1b70 ZeroConfigService - ok
21:49:28.0278 0x1b70 ================ Scan global ===============================
21:49:28.0294 0x1b70 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:49:28.0309 0x1b70 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:49:28.0356 0x1b70 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:49:28.0372 0x1b70 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:49:28.0419 0x1b70 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:49:28.0434 0x1b70 [ Global ] - ok
21:49:28.0434 0x1b70 ================ Scan MBR ==================================
21:49:28.0434 0x1b70 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:49:28.0559 0x1b70 \Device\Harddisk0\DR0 - ok
21:49:28.0559 0x1b70 ================ Scan VBR ==================================
21:49:28.0575 0x1b70 [ C769C3B1FC1844F1C6CD56BC2591CC4B ] \Device\Harddisk0\DR0\Partition1
21:49:28.0575 0x1b70 \Device\Harddisk0\DR0\Partition1 - ok
21:49:28.0575 0x1b70 ================ Scan generic autorun ======================
21:49:28.0590 0x1b70 [ EB3875DA6C25FE9ED79CF14F4E2980DE, 5907C09F1A282329394CF1A3857AD9A086B4F27718C876CE0632C1A8EDF1DA99 ] C:\WINDOWS\system32\igfxtray.exe
21:49:28.0621 0x1b70 IgfxTray - ok
21:49:28.0653 0x1b70 [ FAC566582A11AFDB5416B2F64EDBE2E2, 0B41A1A39EC9E9CCCC327C9FFE7EF9B94531B3F36877517AF1D1A258B5C464EC ] C:\WINDOWS\system32\hkcmd.exe
21:49:28.0699 0x1b70 HotKeysCmds - ok
21:49:28.0746 0x1b70 [ 72D7E75163E6B48BB010C8FF56E367D3, 3298610C86B452C0916F13ACD031B48C8EF6A88833DF663DD36050D79FDB0E0B ] C:\WINDOWS\system32\igfxpers.exe
21:49:28.0793 0x1b70 Persistence - ok
21:49:30.0072 0x1b70 [ F6CA3885B1CFE9487C6B17846C5EEB3F, F75D12F8B8795223FE69C2487D9DDE642A073DF75238289B20900060F46E7957 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:49:30.0728 0x1b70 RTHDVCPL - ok
21:49:30.0930 0x1b70 [ 977B0D97F30D5AB240361FC972C40898, 7C7526B75B420C2EBAE95C9F7F969D8BE8E086DE0A8001EBEB133E476E661A37 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:49:31.0024 0x1b70 RtHDVBg_DTS - ok
21:49:31.0164 0x1b70 [ 977B0D97F30D5AB240361FC972C40898, 7C7526B75B420C2EBAE95C9F7F969D8BE8E086DE0A8001EBEB133E476E661A37 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:49:31.0258 0x1b70 RtHDVBg_DTS_SWVOL - ok
21:49:31.0289 0x1b70 [ A74D04104C9704C08A17ADCCC5E45C4B, 5949E1C1B1FAAC73620E2D60D445275C6F08638BCC307E21BA27D66B7764561B ] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
21:49:31.0320 0x1b70 PSUTility - ok
21:49:31.0336 0x1b70 [ F604981DAD237D25D92AFBF8944B348E, 7B51684AE719D46D7B95CABCE3AB0F99B44DA0EFE965481D60B682C0C80A9BAF ] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
21:49:31.0367 0x1b70 LoadFujitsuQuickTouch - ok
21:49:31.0367 0x1b70 [ A61C396E69A8B9ED58E1B387A539021C, CD6CDB6445E89171DD3F0176C59CA7339A20D51D58BF3FF4EAD0014FEBB74B01 ] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
21:49:31.0383 0x1b70 LoadBtnHnd - ok
21:49:31.0383 0x1b70 SynTPEnh - ok
21:49:31.0414 0x1b70 [ C31899A03A86424346A00E26EA9EDC75, 84B33F32088EBA9FB259552D527447A238AC3E72A64836A16041D85298980EBA ] C:\Windows\RTSCM64.EXE
21:49:31.0430 0x1b70 RtsCM - ok
21:49:31.0461 0x1b70 [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
21:49:31.0476 0x1b70 BLEServicesCtrl - ok
21:49:31.0492 0x1b70 BTMTrayAgent - ok
21:49:31.0523 0x1b70 [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:49:31.0554 0x1b70 USB3MON - ok
21:49:31.0570 0x1b70 [ DEBF34BCF45FC4764CFF6F4CEBD1E03C, BD82FBC62B14181BD6714D797CA0869AD5E2D8F69D05EAEF295BB069730A9289 ] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
21:49:31.0586 0x1b70 IndicatorUtility - ok
21:49:31.0679 0x1b70 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:49:31.0757 0x1b70 Adobe ARM - ok
21:49:31.0773 0x1b70 [ 7115963C66310591C8C8C50C3DD7D0DE, ECA82D68A95AA651BFAE6EC309F36E94F01502E9E4F854A3153873B088E367A6 ] C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
21:49:31.0804 0x1b70 DeskUpdateNotifier - ok
21:49:31.0820 0x1b70 [ 3AC269FDBF84B8BE16D5EBAD1F373550, 9EEEFB96D7940816C681968ABA15F7E05DFF4D5D29B93BF5E9D5D3F8475C0DF2 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
21:49:31.0835 0x1b70 IMSS - ok
21:49:31.0866 0x1b70 [ E20236A5719472D23B7463D45F73A38F, 8DC8177AD3C978CED58B98AE6F432FCDBB2FC7F627ABDD6A834B372D8413435C ] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
21:49:31.0898 0x1b70 YouCam Service - ok
21:49:31.0913 0x1b70 [ 040CDFE9635028456958DB4623994F70, A17E54A982973FC371D8441C09F37E29D00D6EC91F8F73107ECADAEED2100975 ] C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
21:49:31.0929 0x1b70 PSUAMain - ok
21:49:31.0960 0x1b70 [ 07C4EBD3107799774FA3103956CD1C40, BB798DE0F18D2A28B18467D958B68C23DBA0A802512C36E708D9EBD9352492F6 ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
21:49:31.0976 0x1b70 IndexSearch - ok
21:49:31.0991 0x1b70 [ E5F1D2C7D51C816437BBE2306828BC4B, BBBEB3294EF02F3E4C73A3A2FAE83C261A095602D86E1FF272C6FDFCE0C05E1B ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
21:49:32.0007 0x1b70 PaperPort PTD - ok
21:49:32.0038 0x1b70 [ 0D1D2FBAE112BDDB9F77B7BC7A956D3A, BD833CF275B4EC4EC12E868EB2EE049A6F9F0792A326BEAEB1433586257C098F ] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe
21:49:32.0069 0x1b70 PPort12reminder - ok
21:49:32.0132 0x1b70 [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
21:49:32.0178 0x1b70 PDFHook - ok
21:49:32.0194 0x1b70 [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
21:49:32.0210 0x1b70 PDF5 Registry Controller - ok
21:49:32.0475 0x1b70 [ 7F42FFCD6FF7CA558C2D95DADCD5EFA9, CD9E71A718AD3FF465950A7D3937884154F021A296C301BE2FECD0AE69F04713 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
21:49:32.0646 0x1b70 BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
21:49:35.0096 0x1b70 Detect skipped due to KSN trusted
21:49:35.0096 0x1b70 BrStsMon00 - ok
21:49:35.0205 0x1b70 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:49:35.0298 0x1b70 Sidebar - ok
21:49:35.0314 0x1b70 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:49:35.0361 0x1b70 mctadmin - ok
21:49:35.0470 0x1b70 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:49:35.0548 0x1b70 Sidebar - ok
21:49:35.0564 0x1b70 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:49:35.0610 0x1b70 mctadmin - ok
21:49:35.0642 0x1b70 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
21:49:35.0657 0x1b70 ISUSPM - ok
21:49:35.0657 0x1b70 Waiting for KSN requests completion. In queue: 210
21:49:36.0671 0x1b70 Waiting for KSN requests completion. In queue: 210
21:49:37.0685 0x1b70 Waiting for KSN requests completion. In queue: 5
21:49:38.0715 0x1b70 AV detected via SS2: Panda Endpoint Protection, ( ), 0x71000 ( enabled : updated )
21:49:38.0715 0x1b70 FW detected via SS2: Panda Endpoint Protection Firewall, ( ), 0x70010 ( disabled )
21:49:38.0730 0x1b70 Win FW state via NFP2: enabled
21:49:41.0382 0x1b70 ============================================================
21:49:41.0382 0x1b70 Scan finished
21:49:41.0382 0x1b70 ============================================================
21:49:41.0382 0x143c Detected object count: 1
21:49:41.0382 0x143c Actual detected object count: 1
21:50:29.0985 0x143c PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0985 0x143c PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
26.03.2015, 16:56
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.03.2015, 19:08
| #5 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hi, habe Combifix ausgeführt und post das Logfile. Allerdings kam die Meldung, das Panta virus protection noch aktiv sei, obwohl ich die Firewall ausgeschaltet habe (sollte ich Dir mitteilen) Logfile: Code:
ATTFilter Combofix Logfile: |
|
27.03.2015, 10:30
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen |
|
27.03.2015, 12:36
| #7 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hallo und Danke schrauber, ist doch ganz schön aufwändig. Vielen Dank für Deine Zeit und Mühe. Hier die Logfiles: mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.03.2015 Suchlauf-Zeit: 11:56:55 Logdatei: mbam 27.3..txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.27.04 Rootkit Datenbank: v2015.03.26.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Praxis Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 358845 Verstrichene Zeit: 12 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) adwcleaner.txt: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 27/03/2015 um 12:14:15
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-26.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Praxis - HOMEOFFICE
# Gestarted von : C:\Users\Praxis\Downloads\AdwCleaner_4.113.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [1097 Bytes] - [23/03/2015 23:30:15]
AdwCleaner[R1].txt - [910 Bytes] - [27/03/2015 12:11:54]
AdwCleaner[S0].txt - [1103 Bytes] - [23/03/2015 23:32:39]
AdwCleaner[S1].txt - [833 Bytes] - [27/03/2015 12:14:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [891 Bytes] ##########
[/CODE] JRT.txt: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Professional x64
Ran by Praxis on 27.03.2015 at 12:17:09,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Praxis\AppData\Roaming\flexnet"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2015 at 12:26:28,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Praxis (administrator) on HOMEOFFICE on 27-03-2015 12:27:49
Running from C:\Users\Praxis\Downloads
Loaded Profiles: Praxis (Available profiles: Praxis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [171344 2013-07-28] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158416 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23248 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-10-26] (Synaptics Incorporated)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [144456 2013-03-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-09-02] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Profi cash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fujitsu13.msn.com/?pc=FSJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Google Drive) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Google Search) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Gmail) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-13] (FUJITSU LIMITED)
R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-09-04] (Validity Sensors, Inc.) [File not signed]
R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-05] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [87696 2013-01-10] (O2Micro)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-07-23] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-07] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2013-06-27] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2013-07-31] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.)
R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-03-06] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 12:27 - 2015-03-27 12:28 - 00021900 _____ () C:\Users\Praxis\Downloads\FRST.txt
2015-03-27 12:26 - 2015-03-27 12:26 - 00000873 _____ () C:\Users\Praxis\Desktop\JRT.txt
2015-03-27 12:16 - 2015-03-27 12:16 - 01388782 _____ (Thisisu) C:\Users\Praxis\Downloads\JRT.exe
2015-03-27 12:11 - 2015-03-27 12:11 - 02168320 _____ () C:\Users\Praxis\Downloads\AdwCleaner_4.113.exe
2015-03-27 12:10 - 2015-03-27 12:10 - 00001218 _____ () C:\Users\Praxis\Downloads\mbam 27.3..txt
2015-03-26 20:03 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-26 19:05 - 2015-03-26 19:05 - 00024051 _____ () C:\ComboFix.txt
2015-03-26 18:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-26 18:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-26 18:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-26 18:49 - 2015-03-26 19:05 - 00000000 ____D () C:\Qoobox
2015-03-26 18:48 - 2015-03-26 19:02 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 18:47 - 2015-03-26 18:47 - 05615749 ____R (Swearware) C:\Users\Praxis\Downloads\ComboFix.exe
2015-03-25 21:44 - 2015-03-25 21:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Praxis\Downloads\tdsskiller.exe
2015-03-25 21:27 - 2015-03-25 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-25 21:26 - 2015-03-25 21:40 - 00000000 ____D () C:\Users\Praxis\Desktop\mbar
2015-03-25 21:25 - 2015-03-25 21:26 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Praxis\Downloads\mbar-1.09.1.1004.exe
2015-03-25 21:23 - 2015-03-25 21:24 - 00000000 ____D () C:\Users\Praxis\Downloads\Textordner
2015-03-25 21:20 - 2015-03-25 21:20 - 00001230 _____ () C:\Users\Praxis\Desktop\Revo Uninstaller.lnk
2015-03-25 21:20 - 2015-03-25 21:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-25 21:19 - 2015-03-25 21:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Praxis\Downloads\revosetup95.exe
2015-03-25 20:58 - 2015-03-25 20:58 - 608427405 _____ () C:\Windows\MEMORY.DMP
2015-03-25 20:58 - 2015-03-25 20:58 - 00722776 _____ () C:\Windows\Minidump\032515-14726-01.dmp
2015-03-25 20:58 - 2015-03-25 20:58 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 19:38 - 2015-03-25 19:38 - 00380416 _____ () C:\Users\Praxis\Downloads\Gmer-19357.exe
2015-03-25 19:30 - 2015-03-27 12:27 - 00000000 ____D () C:\FRST
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Praxis\Downloads\FRST64.exe
2015-03-25 19:28 - 2015-03-25 19:28 - 00000000 _____ () C:\Users\Praxis\defogger_reenable
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2015-03-24 00:28 - 2015-03-24 00:28 - 00380416 _____ () C:\Users\Praxis\Downloads\hsi9rdmq.exe
2015-03-24 00:27 - 2015-03-24 00:27 - 00380416 _____ () C:\Users\Praxis\Downloads\mlo9le1h.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 02347384 _____ (ESET) C:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-23 23:36 - 2015-03-23 23:36 - 00448512 _____ (OldTimer Tools) C:\Users\Praxis\Downloads\TFC.exe
2015-03-23 23:29 - 2015-03-27 12:14 - 00000000 ____D () C:\AdwCleaner
2015-03-23 23:11 - 2015-03-27 11:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:11 - 2015-03-23 23:11 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:11 - 2015-03-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-25 21:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-23 23:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-11 20:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 20:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 20:16 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 20:16 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 20:16 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 20:16 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 20:16 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 20:16 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 20:16 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 20:16 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 20:16 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 20:16 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 20:16 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 20:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 20:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 20:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 20:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 20:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 20:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 20:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 20:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 20:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 20:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 20:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 20:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 20:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 20:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 20:14 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:14 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 12:22 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 12:22 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 12:19 - 2013-12-25 12:23 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-27 12:19 - 2013-12-25 12:23 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-27 12:19 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 12:18 - 2014-08-12 19:36 - 01952385 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 12:15 - 2014-09-18 18:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 12:15 - 2014-08-15 13:40 - 00000000 ____D () C:\Users\Praxis\Documents\Youcam
2015-03-27 12:15 - 2014-08-15 13:36 - 00003308 _____ () C:\Windows\System32\Tasks\Intel(R) Rapid Start Technology Manager
2015-03-27 12:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 12:15 - 2009-07-14 05:51 - 00064029 _____ () C:\Windows\setupact.log
2015-03-27 12:14 - 2014-09-18 18:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 19:09 - 2010-11-21 04:47 - 00792542 _____ () C:\Windows\PFRO.log
2015-03-26 19:05 - 2013-12-26 07:54 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2015-03-26 19:02 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-25 19:28 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Praxis
2015-03-23 23:27 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2015-03-23 22:27 - 2014-09-18 18:52 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 21:28 - 2015-02-19 12:13 - 00000000 ____D () C:\Profi cash
2015-03-19 13:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-18 19:15 - 2014-09-18 12:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 20:44 - 2009-07-14 05:45 - 00373656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 20:19 - 2014-08-15 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 20:16 - 2014-08-15 16:06 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2013-12-26 07:44 - 2013-12-26 07:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Praxis\AppData\Local\Temp\Quarantine.exe
C:\Users\Praxis\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:43
==================== End Of Log ============================
addition txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Praxis at 2015-03-27 12:28:29
Running from C:\Users\Praxis\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Endpoint Protection (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Endpoint Protection (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Endpoint Protection Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.9.0 - Brother Industries, Ltd.)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2931.0 - CyberLink Corp.)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FJ Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10220 - Realtek Semiconductor Corp.)
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Global VPN Client (HKLM\...\{88C972E7-D7FC-40F3-9FE5-180957F37B45}) (Version: 4.9.0 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1050 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.19.05.55 - Huawei Technologies Co.,Ltd)
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.3.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.3.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{3D7E0A16-5365-4DA4-B7F4-63DB89F45C3C}) (Version: 2.1.4.222GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.222GS - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 06.81.11.0000 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.0.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 7.0.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 42.0.0.0 (10.001) - FUJITSU LIMITED)
Power Saving Utility (Version: 42.0.0.0 - FUJITSU LIMITED) Hidden
Profi cash (HKLM-x32\...\Profi cash) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (x32 Version: - ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.1 - Synaptics Incorporated)
Validity WBF Driver (HKLM\...\{21B2930A-93E3-43C9-8E82-E4DFD4B15377}) (Version: 4.5.234.0 - Validity Sensors, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
14-02-2015 16:48:22 Windows Update
15-02-2015 09:44:48 Windows Update
17-02-2015 16:20:05 Windows Update
21-02-2015 10:39:27 Windows Update
24-02-2015 21:35:15 Windows Update
04-03-2015 21:16:22 Windows Update
14-03-2015 20:13:58 Windows Update
15-03-2015 11:08:40 Windows Update
19-03-2015 08:50:09 Windows Update
25-03-2015 19:30:26 Windows Update
25-03-2015 21:21:35 Revo Uninstaller's restore point - Avast Anti-Virus Packages
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-26 19:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2B2850A8-B425-48E9-958A-A2A3A32F294B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {48AD7F3C-0D87-47C2-8AA5-D4060B8332C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {6050F247-607F-423B-9F73-90A3A8869BAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {9A38392F-1689-409F-A3B5-9AFC020A07D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: {D217B3D6-80CE-4536-A969-FC3051A796CE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-26] (Synaptics Incorporated)
Task: {D31EA78B-7897-4E1D-8F61-69D239C45E28} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-06-27] (Intel)
Task: {DD79843F-2C5D-4683-8256-85E40039C4B7} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-09-02] (Fujitsu Technology Solutions)
Task: {E462199F-5D6F-4671-8DE3-443AC96BBE0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-27 13:25 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-15 04:42 - 2014-01-15 04:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-10-24 22:18 - 2014-04-26 07:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-11-17 15:33 - 2007-05-31 07:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-10-24 22:18 - 2014-02-15 08:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-10-24 22:18 - 2014-02-15 08:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2013-04-12 17:23 - 2013-04-12 17:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\WAC\SQLite3.dll
2014-11-23 15:15 - 2014-11-23 15:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00046336 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\ApiCr.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00103680 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\MiniCrypto.dll
2014-11-23 21:38 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-08-12 19:37 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-51947407-3838788826-2378728623-500 - Administrator - Disabled)
Gast (S-1-5-21-51947407-3838788826-2378728623-501 - Limited - Disabled)
Praxis (S-1-5-21-51947407-3838788826-2378728623-1000 - Administrator - Enabled) => C:\Users\Praxis
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: EM7305
Description: EM7305
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-27 12:27:40.880
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 24%
Total physical RAM: 8073.91 MB
Available physical RAM: 6104.82 MB
Total Pagefile: 16146.02 MB
Available Pagefile: 14024.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:213.82 GB) (Free:163.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 573692F2)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=228.5 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
==================== End Of Log ============================
LG Michael |
|
27.03.2015, 20:13
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.03.2015, 22:11
| #9 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hallo schrauber, Probleme hatte ich eigentlich keine. Ich war mir nur nicht sicher, ob ich mir durch das Anklicken des Links in der gefälschten Fiducia-Mail einen Trojaner eingefangen hatte. Hatte oder habe ich denn einen? Hier die Logfiles von Eset-online Scanner, Security check und FRST Eset-online Scanner Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=231408b048b4144fa9144497aa139520
# engine=23043
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:21:59
# local_time=2015-03-24 12:21:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 15777270 213352493 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 316574 178782769 0 0
# scanned=129688
# found=0
# cleaned=0
# scan_time=2218
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=231408b048b4144fa9144497aa139520
# engine=23121
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-27 09:00:21
# local_time=2015-03-27 10:00:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 16114372 213689595 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 31802 179119871 0 0
# scanned=125202
# found=0
# cleaned=0
# scan_time=3396
Code:
ATTFilter Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
Internet Manager OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Praxis (administrator) on HOMEOFFICE on 27-03-2015 22:06:24
Running from C:\Users\Praxis\Downloads
Loaded Profiles: Praxis (Available profiles: Praxis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [171344 2013-07-28] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158416 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23248 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-10-26] (Synaptics Incorporated)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [144456 2013-03-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-09-02] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Profi cash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fujitsu13.msn.com/?pc=FSJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Google Drive) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Google Search) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Gmail) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-13] (FUJITSU LIMITED)
R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-09-04] (Validity Sensors, Inc.) [File not signed]
R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-05] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [87696 2013-01-10] (O2Micro)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-07-23] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-07] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2013-06-27] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2013-07-31] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.)
R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-03-06] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 22:03 - 2015-03-27 22:03 - 00852604 _____ () C:\Users\Praxis\Downloads\SecurityCheck.exe
2015-03-27 19:40 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-27 12:28 - 2015-03-27 12:29 - 00016943 _____ () C:\Users\Praxis\Downloads\Addition.txt
2015-03-27 12:27 - 2015-03-27 22:06 - 00022186 _____ () C:\Users\Praxis\Downloads\FRST.txt
2015-03-27 12:26 - 2015-03-27 12:26 - 00000873 _____ () C:\Users\Praxis\Desktop\JRT.txt
2015-03-27 12:16 - 2015-03-27 12:16 - 01388782 _____ (Thisisu) C:\Users\Praxis\Downloads\JRT.exe
2015-03-27 12:11 - 2015-03-27 12:11 - 02168320 _____ () C:\Users\Praxis\Downloads\AdwCleaner_4.113.exe
2015-03-27 12:10 - 2015-03-27 12:10 - 00001218 _____ () C:\Users\Praxis\Downloads\mbam 27.3..txt
2015-03-26 19:05 - 2015-03-26 19:05 - 00024051 _____ () C:\ComboFix.txt
2015-03-26 18:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-26 18:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-26 18:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-26 18:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-26 18:49 - 2015-03-26 19:05 - 00000000 ____D () C:\Qoobox
2015-03-26 18:48 - 2015-03-26 19:02 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 18:47 - 2015-03-26 18:47 - 05615749 ____R (Swearware) C:\Users\Praxis\Downloads\ComboFix.exe
2015-03-25 21:44 - 2015-03-25 21:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Praxis\Downloads\tdsskiller.exe
2015-03-25 21:27 - 2015-03-25 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-25 21:26 - 2015-03-25 21:40 - 00000000 ____D () C:\Users\Praxis\Desktop\mbar
2015-03-25 21:25 - 2015-03-25 21:26 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Praxis\Downloads\mbar-1.09.1.1004.exe
2015-03-25 21:23 - 2015-03-25 21:24 - 00000000 ____D () C:\Users\Praxis\Downloads\Textordner
2015-03-25 21:20 - 2015-03-25 21:20 - 00001230 _____ () C:\Users\Praxis\Desktop\Revo Uninstaller.lnk
2015-03-25 21:20 - 2015-03-25 21:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-25 21:19 - 2015-03-25 21:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Praxis\Downloads\revosetup95.exe
2015-03-25 20:58 - 2015-03-25 20:58 - 608427405 _____ () C:\Windows\MEMORY.DMP
2015-03-25 20:58 - 2015-03-25 20:58 - 00722776 _____ () C:\Windows\Minidump\032515-14726-01.dmp
2015-03-25 20:58 - 2015-03-25 20:58 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 19:38 - 2015-03-25 19:38 - 00380416 _____ () C:\Users\Praxis\Downloads\Gmer-19357.exe
2015-03-25 19:30 - 2015-03-27 22:06 - 00000000 ____D () C:\FRST
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Praxis\Downloads\FRST64.exe
2015-03-25 19:28 - 2015-03-25 19:28 - 00000000 _____ () C:\Users\Praxis\defogger_reenable
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2015-03-24 00:28 - 2015-03-24 00:28 - 00380416 _____ () C:\Users\Praxis\Downloads\hsi9rdmq.exe
2015-03-24 00:27 - 2015-03-24 00:27 - 00380416 _____ () C:\Users\Praxis\Downloads\mlo9le1h.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 02347384 _____ (ESET) C:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
2015-03-23 23:36 - 2015-03-23 23:36 - 00448512 _____ (OldTimer Tools) C:\Users\Praxis\Downloads\TFC.exe
2015-03-23 23:29 - 2015-03-27 12:14 - 00000000 ____D () C:\AdwCleaner
2015-03-23 23:11 - 2015-03-27 11:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:11 - 2015-03-23 23:11 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:11 - 2015-03-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-25 21:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-23 23:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-11 20:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 20:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 20:16 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 20:16 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 20:16 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 20:16 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 20:16 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 20:16 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 20:16 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 20:16 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 20:16 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 20:16 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 20:16 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 20:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 20:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 20:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 20:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 20:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 20:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 20:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 20:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 20:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 20:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 20:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 20:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 20:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 20:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 20:14 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:14 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 21:15 - 2014-08-12 19:36 - 01998507 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 21:14 - 2014-09-18 18:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 21:02 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 21:02 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 21:00 - 2013-12-25 12:23 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-27 21:00 - 2013-12-25 12:23 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-27 21:00 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 20:56 - 2014-08-15 13:40 - 00000000 ____D () C:\Users\Praxis\Documents\Youcam
2015-03-27 20:56 - 2014-08-15 13:36 - 00003314 _____ () C:\Windows\System32\Tasks\Intel(R) Rapid Start Technology Manager
2015-03-27 20:55 - 2014-09-18 18:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 20:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 20:55 - 2009-07-14 05:51 - 00064365 _____ () C:\Windows\setupact.log
2015-03-27 19:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-26 19:09 - 2010-11-21 04:47 - 00792542 _____ () C:\Windows\PFRO.log
2015-03-26 19:05 - 2013-12-26 07:54 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2015-03-26 19:02 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-25 19:28 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Praxis
2015-03-23 23:27 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2015-03-23 22:27 - 2014-09-18 18:52 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 21:28 - 2015-02-19 12:13 - 00000000 ____D () C:\Profi cash
2015-03-18 19:15 - 2014-09-18 12:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 20:44 - 2009-07-14 05:45 - 00373656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 20:19 - 2014-08-15 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 20:16 - 2014-08-15 16:06 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2013-12-26 07:44 - 2013-12-26 07:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Praxis\AppData\Local\Temp\Quarantine.exe
C:\Users\Praxis\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:43
==================== End Of Log ============================
Nochmals vielen Dank |
|
28.03.2015, 12:29
| #10 | |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangenZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.03.2015, 13:10
| #11 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hi, sagen mir jetzt nix. Gruß Michael Hallo, die IPs sagen mir jetzt nix. Gruß Michael |
|
28.03.2015, 19:52
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
 Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.03.2015, 21:17
| #13 |
| | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hallo schrauber, ganz dickes Lob für die Schufterei. Ich werde das auch später ins Forum stellen. Hier noch die Logfiles: Fixlog.txt von FRST.exe Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Praxis at 2015-03-28 21:12:57 Run:1
Running from C:\Users\Praxis\Downloads
Loaded Profiles: Praxis (Available profiles: Praxis)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
Emptytemp:
*****************
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}\\NameServer => Value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}\\NameServer => Value not found.
EmptyTemp: => Removed 21.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 21:12:59 ====
Combofix Logfile: Code:
ATTFilter ComboFix 15-03-25.01 - Praxis 28.03.2015 20:52:53.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8074.6367 [GMT 1:00]
ausgeführt von:: c:\users\Praxis\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: / Uninstall
AV: Panda Endpoint Protection *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Endpoint Protection Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Endpoint Protection *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\TEMP\irstrtsv\scrncap.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-28 bis 2015-03-28 ))))))))))))))))))))))))))))))
.
.
2015-03-28 19:55 . 2015-03-28 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-28 08:48 . 2012-11-07 07:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-03-27 12:10 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC1DAEC5-A9E4-4291-9540-FDE6081DD7AB}\mpengine.dll
2015-03-25 20:27 . 2015-03-25 20:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-25 20:20 . 2015-03-25 20:20 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-03-25 18:30 . 2015-03-28 19:40 -------- d-----w- C:\FRST
2015-03-23 22:29 . 2015-03-27 11:14 -------- d-----w- C:\AdwCleaner
2015-03-23 22:11 . 2015-03-27 10:56 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-23 22:10 . 2015-03-25 20:26 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-23 22:10 . 2015-03-23 22:11 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2015-03-23 22:10 . 2015-03-23 22:10 -------- d-----w- c:\programdata\Malwarebytes
2015-03-23 22:10 . 2015-03-17 05:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-23 22:10 . 2015-03-17 05:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-23 22:10 . 2015-03-23 22:10 -------- d-----w- c:\users\Praxis\AppData\Local\Programs
2015-03-11 19:17 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-11 19:17 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-11 19:17 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-11 19:17 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-11 19:17 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-11 19:17 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-11 19:17 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-11 19:17 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-11 19:17 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-11 19:17 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-11 19:15 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-03-11 19:14 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 19:14 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-14 19:16 . 2014-08-15 15:06 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-10 10:36 . 2014-09-18 11:29 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-18 11:33 220632 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-18 11:33 220632 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-18 11:33 220632 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2013-09-02 101728]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-09-16 134616]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-05-31 267224]
"PSUAMain"="c:\program files (x86)\Panda Security\WAC\PSUAMain.exe" [2013-10-17 32736]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-22 195240]
Zahlungserinnerung.lnk - c:\profi cash\wzed.exe [2015-2-19 47616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\lcStarter.exe [2012-1-19 21504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 NanoServiceMain;Panda Endpoint Protection Service;c:\program files (x86)\Panda Security\WAC\PSANHost.exe;c:\program files (x86)\Panda Security\WAC\PSANHost.exe [x]
R2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\WAC\PSUAService.exe;c:\program files (x86)\Panda Security\WAC\PSUAService.exe [x]
R2 WAHost;Panda Endpoint Administration Agent;c:\program files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe;c:\program files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PSINDvct;Device control Driver;c:\windows\system32\DRIVERS\PSINDvct.sys;c:\windows\SYSNATIVE\DRIVERS\PSINDvct.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 dvctprov;dvctprov;c:\windows\system32\DRIVERS\dvctprov.sys;c:\windows\SYSNATIVE\DRIVERS\dvctprov.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 SWGVCSvc;Dell SonicWALL Global VPN Client Service;c:\program files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe;c:\program files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [x]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys;c:\windows\SYSNATIVE\Drivers\SWIPsec.sys [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 rtsuvc;FJ Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-23 21:15 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 17:51]
.
2015-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 17:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-18 11:33 244696 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-18 11:33 244696 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-18 11:33 244696 ----a-w- c:\users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-27 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-27 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-27 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-23 13632216]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-04 1321688]
"RtHDVBg_DTS_SWVOL"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-04 1321688]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2013-07-28 171344]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2013-07-09 158416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2013-07-09 23248]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtsCM"="RTSCM64.EXE" [2013-03-06 144456]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-28 20:56:38
ComboFix-quarantined-files.txt 2015-03-28 19:56
ComboFix2.txt 2015-03-26 18:05
.
Vor Suchlauf: 14 Verzeichnis(se), 176.384.266.240 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 176.668.315.648 Bytes frei
.
- - End Of File - - 7CD8A09922933726C83CEE893EFF3A7B
A36C5E4F47E84449FF07ED3517B43A31 [/CODE] Ich weiß jetzt immer noch nicht recht, ob mein Rechner infiziert war oder nicht? Was meinst Du? |
|
29.03.2015, 09:44
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Ja war er, war aber nicht so wild
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen |
| antivirus, avast anti-virus packages entfernen, defender, device driver, downloader, eset-online, fehlercode 0x5, fehlercode 22, fehlercode 28, fehlercode windows, pup.optional.installcore, pup.optional.installcore.a, pup.optional.smartbar, pup.optional.smartbar.a, registry, security, services.exe, svchost.exe, this device is disabled. (code 22), trojaner |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
+ R Taste und schreibe Combofix /Uninstall in das 
