| |
| |||||||
Log-Analyse und Auswertung: conhost.exe-Prozess unterbricht ausgewähltes FensterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.04.2015, 16:11
| #1 |
 |  conhost.exe-Prozess unterbricht ausgewähltes Fenster Seid Zwei Tagen schon habe ich das Problem, dass sich das momentan aktive Fenster immer alle ca. 5 Sekunden in den Hintergrund versetzt. Wenn das geschehen ist, kann ich entweder wieder auf das Fenster klicken oder weitere 5 Sekunden, bis es wieder aktiv ist und ich weiter schreiben etc. kann. Das geschieht sowohl Spielen, welche dann minimieren oder den Vollbildmodus beenden, als auch bei Textdateien, Videos etc. Als ich dann mal im Task-Manager die Prozesse beobachtet habe, viel mir auf, dass bei einer der 4 bis 6 conhost.exe Prozesse immer die Beschreibung kurz verschwindet, sobald das Fenster de- bzw. aktiviert wird. Ich würde über Hilfe freuen, da dieses Problem extrem lästig ist. Danke schon mal im Voraus. Tobi44718 |
|
12.04.2015, 16:45
| #2 |
| /// the machine /// TB-Ausbilder    | conhost.exe-Prozess unterbricht ausgewähltes Fenster hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
12.04.2015, 16:52
| #3 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Tobias (administrator) on TOBIAS-PC on 12-04-2015 17:49:06
Running from C:\Users\Tobias\Desktop
Loaded Profiles: Tobias (Available profiles: Tobias)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(ITE Tech. Inc.) C:\Windows\System32\IRMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Macrovision Europe Ltd.) C:\Users\Tobias\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tobias\Desktop\FRST64 (2).exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-03-22] (FNet Co., Ltd.)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-02-04] (Bitleader)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-08-27] (cyberlink)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {22633736-B2C9-4843-8EFD-319E1867AE65} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> DefaultScope {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File
Toolbar: HKU\.DEFAULT -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tobias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-09] ()
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\searchplugins\search_the_web.xml [2013-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (GeoGebra) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-09-11]
CHR Extension: (Adblock Plus) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Google Sheets) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-08-27] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-21] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-24] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-05] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-03-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-03-22] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-25] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2012-02-19] (ITE )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-05] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
S3 TBPanel; No ImagePath
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2011-10-19] (TuneClone Software)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz136; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U3 uxliipod; \??\C:\Users\Tobias\AppData\Local\Temp\uxliipod.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 17:49 - 2015-04-12 17:49 - 00032437 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (2).exe
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64 (2).exe
2015-04-12 16:44 - 2015-04-12 16:44 - 00000000 ____D () C:\Users\Tobias\Desktop\Neuer Ordner
2015-04-12 16:43 - 2015-04-12 16:43 - 00380416 _____ () C:\Users\Tobias\Downloads\Gmer-19357.exe
2015-04-12 16:40 - 2015-04-12 16:40 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (1).exe
2015-04-12 16:38 - 2015-04-12 16:39 - 00000246 _____ () C:\Users\Tobias\Downloads\defogger_enable.log
2015-04-12 16:37 - 2015-04-12 16:39 - 00000474 _____ () C:\Users\Tobias\Downloads\defogger_disable.log
2015-04-12 16:37 - 2015-04-12 16:37 - 00050477 _____ () C:\Users\Tobias\Downloads\Defogger.exe
2015-04-12 16:25 - 2015-04-12 16:25 - 00003106 _____ () C:\Windows\System32\Tasks\WinThruster
2015-04-12 16:25 - 2015-04-12 16:25 - 00003030 _____ () C:\Windows\System32\Tasks\WinThruster_UPDATES
2015-04-12 16:25 - 2015-04-12 16:25 - 00002874 _____ () C:\Windows\System32\Tasks\WinThruster_DEFAULT
2015-04-12 16:25 - 2015-04-12 16:25 - 00001049 _____ () C:\Users\Public\Desktop\WinThruster.lnk
2015-04-12 16:25 - 2015-04-12 16:25 - 00000284 _____ () C:\Windows\Tasks\WinThruster_UPDATES.job
2015-04-12 16:25 - 2015-04-12 16:25 - 00000276 _____ () C:\Windows\Tasks\WinThruster_DEFAULT.job
2015-04-12 16:25 - 2015-04-12 16:25 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Solvusoft
2015-04-12 16:25 - 2015-04-12 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2015-04-12 16:25 - 2015-04-12 16:25 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2015-04-12 16:25 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-04-12 16:24 - 2015-04-12 16:25 - 03894696 _____ (solvusoft Corporation ) C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe
2015-04-11 22:49 - 2015-04-11 22:49 - 00000696 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-04-11 22:47 - 2015-04-11 22:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOBIAS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-11 22:47 - 2015-04-11 22:47 - 00000000 ____D () C:\RegBackup
2015-04-11 22:46 - 2015-04-11 22:47 - 02686959 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT (2).exe
2015-04-11 22:33 - 2015-04-11 22:33 - 02217984 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.201.exe
2015-04-11 22:01 - 2015-04-11 22:01 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 22:01 - 2015-04-11 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-04-11 22:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 22:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 21:59 - 2015-04-11 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 21:57 - 2015-04-11 21:57 - 00046783 _____ () C:\ComboFix.txt
2015-04-11 21:35 - 2015-04-11 21:57 - 00000000 ____D () C:\Qoobox
2015-04-11 21:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 21:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 21:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 21:34 - 2015-04-11 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 21:33 - 2015-04-11 21:34 - 05617275 ____R (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2015-04-11 21:30 - 2015-04-11 21:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Downloads\tdsskiller.exe
2015-04-11 20:46 - 2015-04-11 22:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 20:46 - 2015-04-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 20:45 - 2015-04-11 21:23 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-04-11 20:45 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 20:44 - 2015-04-11 20:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.09.1.1004.exe
2015-04-11 20:43 - 2015-04-11 20:43 - 00065554 _____ () C:\Users\Tobias\Downloads\Addition.txt
2015-04-11 20:42 - 2015-04-12 17:49 - 00000000 ____D () C:\FRST
2015-04-11 20:42 - 2015-04-12 16:42 - 00052405 _____ () C:\Users\Tobias\Downloads\FRST.txt
2015-04-11 20:41 - 2015-04-11 20:41 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2015-04-08 02:02 - 2015-04-08 02:02 - 00307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 00000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-04-06 15:42 - 2015-04-06 15:42 - 00000000 ____D () C:\temp
2015-04-06 15:40 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-06 15:40 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.mono
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Colossal Order
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\.mono
2015-04-05 18:33 - 2015-04-05 18:33 - 00000222 _____ () C:\Users\Tobias\Desktop\Cities Skylines.url
2015-03-25 23:03 - 2015-03-25 23:03 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 2
2015-03-25 23:02 - 2015-03-25 23:02 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 1
2015-03-25 16:57 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 16:57 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 16:57 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 16:57 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 16:57 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 16:57 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 16:57 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 16:57 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 19:24 - 2015-03-23 19:24 - 00000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 17:23 - 2014-05-20 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 17:19 - 2012-02-14 22:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 16:46 - 2011-09-06 20:12 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps
2015-04-12 16:46 - 2011-09-05 02:36 - 01972021 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 16:39 - 2011-09-04 19:48 - 00000000 ____D () C:\Users\Tobias
2015-04-12 16:22 - 2012-06-05 19:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 15:46 - 2012-08-14 21:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA.job
2015-04-12 12:43 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 12:43 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 12:36 - 2014-08-28 20:35 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-04-12 12:36 - 2014-08-28 20:01 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-04-12 12:36 - 2013-02-04 17:14 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-04-12 12:35 - 2013-02-04 17:14 - 00000343 _____ () C:\Windows\lgfwup.ini
2015-04-12 12:33 - 2012-02-19 20:13 - 00000048 _____ () C:\monitor.log
2015-04-12 12:33 - 2012-02-14 22:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 12:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 12:33 - 2009-07-14 06:51 - 00270971 _____ () C:\Windows\setupact.log
2015-04-12 01:01 - 2011-10-12 21:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{19B58C30-1D25-4CDA-88D5-F3956277D39E}
2015-04-11 22:38 - 2011-03-22 01:45 - 00743074 _____ () C:\Windows\PFRO.log
2015-04-11 22:37 - 2014-06-23 14:05 - 00000000 ____D () C:\Windows\system32\log
2015-04-11 22:37 - 2014-01-25 12:26 - 00000000 ____D () C:\AdwCleaner
2015-04-11 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-11 21:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 21:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 21:47 - 2012-08-20 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\convert
2015-04-11 21:46 - 2012-08-14 21:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core.job
2015-04-11 21:32 - 2009-07-14 19:58 - 00701134 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 21:32 - 2009-07-14 19:58 - 00150314 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 21:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 20:46 - 2014-01-25 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 12:43 - 2014-08-28 20:35 - 00001029 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2015-04-10 12:43 - 2014-08-28 20:05 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 03:08 - 2012-08-14 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-04-07 18:16 - 2014-03-31 21:44 - 00011950 _____ () C:\Users\Tobias\Documents\TombRaider.log
2015-04-06 20:55 - 2011-03-22 02:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 15:41 - 2011-03-22 02:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 15:40 - 2012-11-19 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-05 23:20 - 2013-11-07 15:00 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 22:34 - 2013-09-02 15:19 - 00001383 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 05:44 - 2014-06-03 11:42 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-09 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-03 11:42 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-09 22:14 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 11:30 - 2014-12-10 20:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:30 - 2014-04-30 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 22:22 - 2012-01-03 20:55 - 00000000 ____D () C:\Users\Tobias\Documents\Schule
2015-03-23 20:25 - 2012-06-23 22:24 - 00000000 ____D () C:\Users\Tobias\.gimp-2.8
2015-03-23 15:04 - 2015-02-06 15:16 - 00001247 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-23 15:04 - 2015-02-06 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-23 15:04 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-23 15:02 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-23 15:02 - 2011-11-14 17:02 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\DVDVideoSoft
2015-03-14 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 21:41 - 2014-12-23 21:39 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 21:41 - 2014-11-19 22:18 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 21:41 - 2014-08-19 22:15 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-13 21:41 - 2014-08-19 22:15 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 21:41 - 2014-08-19 22:14 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 21:41 - 2014-08-19 22:14 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
==================== Files in the root of some directories =======
2013-08-13 23:25 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT3D69.tmp
2013-08-13 23:31 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT7CF8.tmp
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\BookService
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Booms
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Breath Pad
2014-05-27 21:59 - 2014-08-31 21:29 - 14155776 _____ () C:\Users\Tobias\AppData\Roaming\Sandra.mdb
2013-08-15 17:14 - 2014-01-25 02:14 - 0000179 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2013-08-17 01:14 - 2014-01-03 01:49 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-08-15 17:14 - 2014-01-25 02:14 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-TTL.DAT
2015-04-08 02:02 - 2015-04-08 02:02 - 0307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 0000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-03-23 19:24 - 2015-03-23 19:24 - 0000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
2011-09-04 23:16 - 2014-12-17 17:01 - 0007622 _____ () C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bundle
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\CIOSupport
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Clips
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Colors
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\ColorSync
2014-12-07 12:14 - 2015-02-02 00:03 - 0003868 _____ () C:\ProgramData\flcd_proxy.log
2011-12-25 01:00 - 2012-01-10 18:05 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-12-25 01:00 - 2012-07-30 11:35 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-12-25 01:00 - 2011-12-25 01:00 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpausv.dll
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-05 21:10
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by Tobias at 2015-04-12 17:49:22
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activision(R) (x32 Version: 1.0 - Activision) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version: 1.05 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arcade Classics Collection (HKLM-x32\...\Arcade Classics Collection) (Version: - )
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.54 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4508.52 - CyberLink Corp.)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
DiRT 2 - Demo (HKLM-x32\...\Steam App 44300) (Version: - Codemasters)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008400}) (Version: 1.0.0000.132 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.132 - Codemasters) Hidden
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
DiRT Showdown Demo (HKLM-x32\...\Steam App 207270) (Version: - Codemasters)
Dropbox (HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Euro Truck Simulator 1.00 (HKLM-x32\...\Euro Truck Simulator) (Version: 1.00 - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fragen-Lern-CD 4.5 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB) (Version: 4.5.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.5 (x32 Version: 4.5.0 - Wendel-Verlag GmbH) Hidden
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.19.0 - International GeoGebra Institute)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{8E9A3680-3E84-3CAB-99CD-66D1FD4C99A7}) (Version: 65.156.32831 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.4.0 - Greenfoot Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Imperial Glory (HKLM-x32\...\{1FCC8C70-66B9-420D-942C-2C2A8441C744}) (Version: 1.00.0000 - Pyro Studios)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intergalactic Exterminator Demo (HKLM-x32\...\Intergalactic Exterminator Demo) (Version: - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java-Editor 12.2, 2013.10.2 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.20 (HKLM\...\Logitech Gaming Software) (Version: 8.20.74 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.28 - www.leaguereplays.com)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{4554434F-61A1-4346-BEF8-60810064B089}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker Techno Edition 5 (HKLM-x32\...\MAGIX_{83533189-F4F8-44DE-866C-23037D09C6D5}) (Version: 19.0.5.57 - MAGIX AG)
MAGIX Music Maker Techno Edition 5 (Version: 19.0.5.57 - MAGIX AG) Hidden
MAGIX Music Maker Techno Edition 5 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Moon Buggy (HKLM-x32\...\Moon Buggy) (Version: - )
Mozilla Firefox 7.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 7.0.1 (x86 de)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.2.0.0 - Electronic Arts)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.5.0 - Ralink)
Raptor- Call of the Shadows Demo (HKLM-x32\...\Raptor- Call of the Shadows Demo) (Version: - )
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - )
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
Speedy Eggbert (HKLM-x32\...\Speedy Eggbert) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Transformers - Die Rache-Spiel (HKLM-x32\...\InstallShield_{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}) (Version: 1.0 - Activision)
Transformers(TM) - Le Jeu Demo (HKLM-x32\...\InstallShield_{52AC37AD-2435-4BD8-A28A-5AF1306EF69B}) (Version: 1.00.0000 - Activision)
Transformers(TM) - Le Jeu Demo (x32 Version: 1.00.0000 - Activision) Hidden
Tunnel Blaster Special Edition (HKLM-x32\...\Tunnel Blaster Special Edition) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.0 - Nikon)
Vtune 7.16 (HKLM-x32\...\MySSID_is1) (Version: - )
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.1.5 - SoundSpectrum)
Wild Wheels (HKLM-x32\...\Wild Wheels_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Edition MPEG Codec Plug-in (HKLM-x32\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version: - ArcSoft)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinThruster (HKLM-x32\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}\InprocServer32 -> C:\Program Files (x86)\Microsoft Virtual PC\VPCShExH.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\Tobias\AppData\Local\Conduit\ValueApps\IE\64\ValueApps.exe" No File
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2387981973-1238528810-796836218-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
09-04-2015 13:10:06 Windows Update
11-04-2015 21:22:32 Malwarebytes Anti-Rootkit Restore Point
12-04-2015 16:27:58 WinThruster So, Apr 12, 15 16:27
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-11 21:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {09247922-057B-4023-A4E0-7B717D8A6F4E} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {1D4D5FE5-6050-4233-AB60-B99772FE4446} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {24AE5B1D-BCDE-45DC-98CA-9B869C9F1E68} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14] (Facebook Inc.)
Task: {444342D5-492A-45E1-901B-CB423FC9D318} - System32\Tasks\irMonitor => C:\Windows\system32\IRMonitor.exe [2012-02-19] (ITE Tech. Inc.)
Task: {49E48DCF-0848-4535-91C1-7A6DCCE057A2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4AF003F6-5BE8-493D-AC52-017889377D57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: {4B9A79C0-C9AA-4DA7-BB3D-0CCAE2711C2C} - System32\Tasks\WinThruster => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {5C55E514-C804-4E7E-A907-82F3F6A35CD5} - System32\Tasks\{27FBFAE2-913B-45C8-8A21-B01AD82E75C0} => pcalua.exe -a "C:\Users\Tobias\Downloads\msicuu2 (2).exe" -d C:\Users\Tobias\Downloads
Task: {693395E2-82F7-4F2C-B0B0-7826068AE524} - System32\Tasks\{C1F69DA8-76A5-41FD-834F-4ACBC418A24A} => pcalua.exe -a C:\Users\Tobias\Desktop\battlefield2demo.exe.exe -d C:\Users\Tobias\Desktop
Task: {708320AE-42AA-473A-81E4-82C74A85F91B} - System32\Tasks\{6153A0AA-2BAA-4883-899B-C66365FDAFDA} => pcalua.exe -a C:\Users\Tobias\Downloads\battlefield2demo.exe -d C:\Users\Tobias\Downloads
Task: {7CD652FE-396F-4FA0-B612-B3D168A1ED06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: {81EE4F6A-B98F-4BF2-AA33-60384353AE74} - System32\Tasks\{D814E713-C4CB-45E3-A151-275BF3F79E67} => pcalua.exe -a "C:\Users\Tobias\Downloads\Range_RAT5_SD7_0_20_0_64Bit_Drivers_NonWHQL (1).exe" -d C:\Users\Tobias\Downloads
Task: {8CF6364D-1181-4DD6-8ADD-8829BA635910} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9514FEC3-B372-4597-AF79-153A1A2AB8B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {95FE45E6-826C-46E2-AABC-7F40E181E6F0} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {979C993F-5B62-4A16-88F7-AB57414C6FF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E635165-DAE4-4040-B984-54285882FA3E} - System32\Tasks\{FBFE8061-FBCC-402A-B945-8A5EFDBE421B} => pcalua.exe -a C:\Users\Tobias\Desktop\battlefield2demo.exe -d C:\Users\Tobias\Desktop
Task: {A1C49FB7-D792-431B-9884-D503C3786C3D} - System32\Tasks\{7320EE2D-83BF-401E-B21E-FA59E2550363} => pcalua.exe -a D:\autorun.exe -d D:\ -c /S
Task: {B78C3358-D4B0-4157-9988-C9089DBFD713} - System32\Tasks\{B5F441D8-5A5E-4FC7-838D-56FA50ECA2B4} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {B832D988-FA1F-41E7-BDB7-7BF515FCEB64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {BAE38B4B-40FB-497B-B8F9-E2715F3BB175} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BF4EC6B4-303A-4A25-A1E9-4BBCB961B1AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14] (Facebook Inc.)
Task: {C19B4BF1-3856-46A4-88E9-6C08D6E1579A} - System32\Tasks\{28A81621-9E16-4548-98F7-3FE974068EFD} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {CF30251F-8536-443F-8AAE-5833D5C8FA33} - System32\Tasks\{C25256B3-9332-4665-BCF6-30F22D452220} => pcalua.exe -a C:\Users\Public\Downloads\SinglesMSetup.exe -d C:\Users\Public\Downloads
Task: {F25D973C-8C72-4BA5-97BF-46FEC0EFDB21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {F932211F-1CB5-40F1-828F-9E4B7ED00BBF} - System32\Tasks\{046BE88A-E7B1-41C6-AB1F-447908D4E8D9} => pcalua.exe -a C:\Users\Tobias\AppData\Local\Temp\Temp1_imperial_glory_patch_v1_1.zip\imperialglory_vnnn_v11.exe
Task: {FD826A1B-1CF5-47AA-839C-7A261DBD9AD0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FF810F3E-8744-41FB-AA42-A43A04632F07} - System32\Tasks\{D6582070-7E04-449C-A41C-F259C6007C8F} => C:\Users\Tobias\Desktop\battlefield2demo.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
==================== Loaded Modules (whitelisted) ==============
2012-11-18 23:45 - 2015-01-10 01:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-16 11:23 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 19:23 - 2014-11-24 19:32 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-02-04 17:07 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-03-21 20:13 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-17 23:11 - 2015-03-28 05:45 - 00721552 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2013-12-17 23:11 - 2015-03-28 05:45 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-04-05 22:34 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-08-15 17:05 - 2009-09-17 17:46 - 00860160 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2012-02-19 20:16 - 2007-04-19 10:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-02-19 20:16 - 2008-11-26 17:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2012-02-19 20:16 - 2008-10-22 17:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2015-04-12 12:34 - 2015-04-12 12:34 - 00043008 _____ () c:\users\tobias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpausv.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-12 12:34 - 2015-04-12 12:34 - 00697884 _____ () C:\Users\Tobias\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp
2015-04-12 12:34 - 2015-04-12 12:34 - 00592896 _____ () C:\Users\Tobias\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp
2011-03-22 01:44 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2011-03-22 01:44 - 2009-04-20 12:55 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-12-15 14:46 - 2009-12-15 14:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 14:49 - 2009-12-15 14:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-23 18:30 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-22 18:35 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-22 18:35 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-22 18:35 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-27 16:03 - 2015-04-09 20:38 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 20:32 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 20:32 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 20:32 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 20:32 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 20:32 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-06-05 19:34 - 2015-04-09 20:38 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-06-05 19:34 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 21:04 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-04-05 23:20 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 23:20 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 23:20 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
==================== Accounts: =============================
Administrator (S-1-5-21-2387981973-1238528810-796836218-500 - Administrator - Disabled)
Gast (S-1-5-21-2387981973-1238528810-796836218-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2387981973-1238528810-796836218-1002 - Limited - Enabled)
Tobias (S-1-5-21-2387981973-1238528810-796836218-1000 - Administrator - Enabled) => C:\Users\Tobias
==================== Faulty Device Manager Devices =============
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (04/12/2015 05:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1a64
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xc94
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xd38
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1214
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1b1c
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x118c
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x19e0
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x710
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (04/12/2015 05:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1704
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
System errors:
=============
Error: (04/12/2015 04:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 04:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 04:44:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/12/2015 03:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Microsoft Office Sessions:
=========================
Error: (04/12/2015 05:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f1a6401d07538480b0dbaC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe85bebcbb-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f129001d0753847b7adbcC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe8568fb5d-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fc9401d07538450872dfC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe82b9c080-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fd3801d0753844bba2aaC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe826cf04b-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f121401d07538420c4c05C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe7fbd99a6-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f1b1c01d0753841c01ffcC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe7f716d9d-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f118c01d075383f113bd7C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe7cc74c38-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f19e001d075383ec50fceC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe7c765d6f-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f71001d075383c198ed4C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe79cd3dd5-e12b-11e4-a4e2-002522a78835
Error: (04/12/2015 05:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f170401d075383bc8a00bC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe7979edac-e12b-11e4-a4e2-002522a78835
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8174.7 MB
Available physical RAM: 5549.8 MB
Total Pagefile: 16347.59 MB
Available Pagefile: 13030.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:931.51 GB) (Free:390.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (CITIESSKY) (CDROM) (Total:1.44 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9395F299)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
13.04.2015, 08:30
| #4 |
| /// the machine /// TB-Ausbilder | conhost.exe-Prozess unterbricht ausgewähltes Fenster hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.04.2015, 13:35
| #5 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17691
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8571797504, free: 5430407168
Downloaded database version: v2015.04.11.05
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
04/11/2015 20:46:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\tclondrv.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Windows\system32\Treiber\vmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\VMNetSrv.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\SaiMini.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\SaiU1705.sys
\SystemRoot\system32\DRIVERS\SaiK1705.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.04.11.05
rootkit: v2015.03.31.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007aba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80079098e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007aba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800740a670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800747f060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\iSafeKrnlBoot.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\iSafeKrnlBoot.sys --> [FraudTool.YAC]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9395F299
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953523120
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Tobias\Downloads\yet_another_cleaner_sk.exe --> [FraudTool.YAC]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC.lnk --> [FraudTool.YAC]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC --> [FraudTool.YAC]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\Gründliche Reinigung von Junk-Files.lnk --> [FraudTool.YAC]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\uninstall.lnk --> [FraudTool.YAC]
Infected: HKLM\SOFTWARE\WOW6432NODE\TimeSink, Inc. --> [AdWare.TimeSink]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17691
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8571797504, free: 4861554688
Downloaded database version: v2015.04.13.04
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
------------ Kernel report ------------
04/13/2015 13:36:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\tclondrv.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Windows\system32\Treiber\vmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\VMNetSrv.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\SaiMini.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\SaiU1705.sys
\SystemRoot\system32\DRIVERS\SaiK1705.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.04.13.04
rootkit: v2015.03.31.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007ad8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ad8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ad8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007813e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800782d060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9395F299
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953523120
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
|
|
13.04.2015, 13:38
| #6 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter 14:18:29.0282 0x112c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:18:50.0535 0x112c ============================================================
14:18:50.0535 0x112c Current date / time: 2015/04/13 14:18:50.0535
14:18:50.0535 0x112c SystemInfo:
14:18:50.0535 0x112c
14:18:50.0535 0x112c OS Version: 6.1.7601 ServicePack: 1.0
14:18:50.0535 0x112c Product type: Workstation
14:18:50.0535 0x112c ComputerName: TOBIAS-PC
14:18:50.0535 0x112c UserName: Tobias
14:18:50.0535 0x112c Windows directory: C:\Windows
14:18:50.0535 0x112c System windows directory: C:\Windows
14:18:50.0535 0x112c Running under WOW64
14:18:50.0535 0x112c Processor architecture: Intel x64
14:18:50.0535 0x112c Number of processors: 4
14:18:50.0535 0x112c Page size: 0x1000
14:18:50.0535 0x112c Boot type: Normal boot
14:18:50.0535 0x112c ============================================================
14:18:53.0679 0x112c KLMD registered as C:\Windows\system32\drivers\59815318.sys
14:18:54.0009 0x112c System UUID: {138BB47D-6207-4936-9264-E210ADADF073}
14:18:54.0634 0x112c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:18:54.0636 0x112c ============================================================
14:18:54.0636 0x112c \Device\Harddisk0\DR0:
14:18:54.0636 0x112c MBR partitions:
14:18:54.0636 0x112c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747065B0
14:18:54.0636 0x112c ============================================================
14:18:54.0690 0x112c C: <-> \Device\Harddisk0\DR0\Partition1
14:18:54.0690 0x112c ============================================================
14:18:54.0690 0x112c Initialize success
14:18:54.0690 0x112c ============================================================
14:18:58.0061 0x14b4 ============================================================
14:18:58.0061 0x14b4 Scan started
14:18:58.0061 0x14b4 Mode: Manual;
14:18:58.0061 0x14b4 ============================================================
14:18:58.0061 0x14b4 KSN ping started
14:19:00.0814 0x14b4 KSN ping finished: true
14:19:04.0515 0x14b4 ================ Scan system memory ========================
14:19:04.0515 0x14b4 System memory - ok
14:19:04.0517 0x14b4 ================ Scan services =============================
14:19:04.0800 0x14b4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:19:04.0831 0x14b4 1394ohci - ok
14:19:05.0007 0x14b4 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:19:05.0011 0x14b4 ACDaemon - ok
14:19:05.0083 0x14b4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:19:05.0106 0x14b4 ACPI - ok
14:19:05.0149 0x14b4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:19:05.0151 0x14b4 AcpiPmi - ok
14:19:05.0245 0x14b4 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:19:05.0248 0x14b4 AdobeARMservice - ok
14:19:05.0450 0x14b4 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:19:05.0468 0x14b4 AdobeFlashPlayerUpdateSvc - ok
14:19:05.0540 0x14b4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:19:05.0556 0x14b4 adp94xx - ok
14:19:05.0606 0x14b4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:19:05.0621 0x14b4 adpahci - ok
14:19:05.0645 0x14b4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:19:05.0649 0x14b4 adpu320 - ok
14:19:05.0669 0x14b4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:19:05.0691 0x14b4 AeLookupSvc - ok
14:19:05.0746 0x14b4 [ 6CCD1135320109D6B219F1A6E04AD9F6, B97D4DF46DF0EFC106BD3E248C70809F3F47DF3FD1CA039A0A3923E1FA05A969 ] Afc C:\Windows\syswow64\drivers\Afc.sys
14:19:05.0747 0x14b4 Afc - ok
14:19:05.0864 0x14b4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
14:19:05.0879 0x14b4 AFD - ok
14:19:05.0921 0x14b4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
14:19:05.0922 0x14b4 agp440 - ok
14:19:05.0943 0x14b4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
14:19:05.0945 0x14b4 ALG - ok
14:19:06.0027 0x14b4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
14:19:06.0028 0x14b4 aliide - ok
14:19:06.0080 0x14b4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
14:19:06.0081 0x14b4 amdide - ok
14:19:06.0109 0x14b4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:19:06.0111 0x14b4 AmdK8 - ok
14:19:06.0125 0x14b4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:19:06.0134 0x14b4 AmdPPM - ok
14:19:06.0180 0x14b4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:19:06.0205 0x14b4 amdsata - ok
14:19:06.0248 0x14b4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:19:06.0254 0x14b4 amdsbs - ok
14:19:06.0282 0x14b4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:19:06.0283 0x14b4 amdxata - ok
14:19:06.0319 0x14b4 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
14:19:06.0321 0x14b4 AppID - ok
14:19:06.0367 0x14b4 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:19:06.0369 0x14b4 AppIDSvc - ok
14:19:06.0415 0x14b4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
14:19:06.0417 0x14b4 Appinfo - ok
14:19:06.0561 0x14b4 [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:19:06.0562 0x14b4 Apple Mobile Device Service - ok
14:19:06.0611 0x14b4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:19:06.0613 0x14b4 arc - ok
14:19:06.0643 0x14b4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:19:06.0645 0x14b4 arcsas - ok
14:19:07.0173 0x14b4 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:19:07.0175 0x14b4 aspnet_state - ok
14:19:07.0231 0x14b4 [ 912A215CE180A6E7C923C662D7EC777D, 2828D6403F693B1CF4AD4F47A4C096E6B31E680665F5BBCCAA69416FFA7FF2E0 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
14:19:07.0260 0x14b4 AsrAppCharger - ok
14:19:07.0290 0x14b4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:19:07.0292 0x14b4 AsyncMac - ok
14:19:07.0325 0x14b4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
14:19:07.0326 0x14b4 atapi - ok
14:19:07.0531 0x14b4 [ EA0AF9B866DF07E8FE6C2342585788B0, BE8E799C1ED36B9DC6BEAB40E8B460464C01014DEC021760FB19626C77550792 ] athur C:\Windows\system32\DRIVERS\athurx.sys
14:19:07.0585 0x14b4 athur - ok
14:19:07.0645 0x14b4 [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
14:19:07.0678 0x14b4 atksgt - ok
14:19:07.0791 0x14b4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:19:07.0837 0x14b4 AudioEndpointBuilder - ok
14:19:07.0881 0x14b4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:19:07.0900 0x14b4 AudioSrv - ok
14:19:07.0970 0x14b4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:19:07.0990 0x14b4 AxInstSV - ok
14:19:08.0024 0x14b4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:19:08.0046 0x14b4 b06bdrv - ok
14:19:08.0091 0x14b4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:19:08.0113 0x14b4 b57nd60a - ok
14:19:08.0272 0x14b4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
14:19:08.0274 0x14b4 BDESVC - ok
14:19:08.0284 0x14b4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
14:19:08.0284 0x14b4 Beep - ok
14:19:08.0368 0x14b4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
14:19:08.0401 0x14b4 BFE - ok
14:19:08.0490 0x14b4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
14:19:08.0516 0x14b4 BITS - ok
14:19:08.0580 0x14b4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:19:08.0595 0x14b4 blbdrive - ok
14:19:08.0670 0x14b4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:19:08.0676 0x14b4 Bonjour Service - ok
14:19:08.0750 0x14b4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:19:08.0894 0x14b4 bowser - ok
14:19:08.0950 0x14b4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:19:08.0951 0x14b4 BrFiltLo - ok
14:19:08.0962 0x14b4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:19:08.0963 0x14b4 BrFiltUp - ok
14:19:08.0980 0x14b4 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:19:08.0982 0x14b4 BridgeMP - ok
14:19:09.0061 0x14b4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
14:19:09.0076 0x14b4 Browser - ok
14:19:09.0117 0x14b4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:19:09.0122 0x14b4 Brserid - ok
14:19:09.0138 0x14b4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:19:09.0139 0x14b4 BrSerWdm - ok
14:19:09.0205 0x14b4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:19:09.0206 0x14b4 BrUsbMdm - ok
14:19:09.0239 0x14b4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:19:09.0240 0x14b4 BrUsbSer - ok
14:19:09.0289 0x14b4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:19:09.0303 0x14b4 BTHMODEM - ok
14:19:09.0340 0x14b4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
14:19:09.0342 0x14b4 bthserv - ok
14:19:09.0378 0x14b4 [ 2BD001601496AE87F7CB86F1FCD6F1EC, 7DDB69B025BE80CB50C1B8D4B20CD5D40FF09492B00E44157E74CBF7ED987478 ] Cardex C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
14:19:09.0386 0x14b4 Cardex - ok
14:19:09.0416 0x14b4 catchme - ok
14:19:09.0431 0x14b4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:19:09.0452 0x14b4 cdfs - ok
14:19:09.0511 0x14b4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:19:09.0515 0x14b4 cdrom - ok
14:19:09.0593 0x14b4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
14:19:09.0612 0x14b4 CertPropSvc - ok
14:19:09.0646 0x14b4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:19:09.0648 0x14b4 circlass - ok
14:19:09.0743 0x14b4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
14:19:09.0754 0x14b4 CLFS - ok
14:19:10.0236 0x14b4 [ D7F297C77695BAF282FAB653ADF80828, 2A2C488F08DFA6819EB11C224543B761256DE27009A1E298F08F3A0F24B64CBF ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
14:19:10.0245 0x14b4 CLKMSVC10_38F51D56 - ok
14:19:10.0412 0x14b4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:19:10.0414 0x14b4 clr_optimization_v2.0.50727_32 - ok
14:19:10.0469 0x14b4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:19:10.0493 0x14b4 clr_optimization_v2.0.50727_64 - ok
14:19:10.0561 0x14b4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:19:10.0563 0x14b4 clr_optimization_v4.0.30319_32 - ok
14:19:10.0639 0x14b4 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:19:10.0645 0x14b4 clr_optimization_v4.0.30319_64 - ok
14:19:10.0671 0x14b4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:19:10.0676 0x14b4 CmBatt - ok
14:19:10.0713 0x14b4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:19:10.0714 0x14b4 cmdide - ok
14:19:10.0770 0x14b4 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
14:19:10.0834 0x14b4 CNG - ok
14:19:10.0850 0x14b4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:19:10.0868 0x14b4 Compbatt - ok
14:19:10.0922 0x14b4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:19:10.0924 0x14b4 CompositeBus - ok
14:19:10.0937 0x14b4 COMSysApp - ok
14:19:11.0036 0x14b4 [ 3CA734CE373E5675FBC15CA2C45228E5, A6C6E9FABDE5EA18D266DB71C0CC6B51D682116D1898CCB4E9BA730F15C44B32 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
14:19:11.0048 0x14b4 cpudrv64 - ok
14:19:11.0241 0x14b4 cpuz132 - ok
14:19:11.0267 0x14b4 cpuz136 - ok
14:19:11.0409 0x14b4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:19:11.0410 0x14b4 crcdisk - ok
14:19:11.0748 0x14b4 [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
14:19:11.0765 0x14b4 Creative ALchemy AL6 Licensing Service - ok
14:19:11.0772 0x14b4 [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:19:11.0774 0x14b4 Creative Audio Engine Licensing Service - ok
14:19:11.0856 0x14b4 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:19:11.0871 0x14b4 CryptSvc - ok
14:19:11.0926 0x14b4 [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:19:12.0023 0x14b4 CTAudSvcService - ok
14:19:12.0095 0x14b4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:19:12.0119 0x14b4 DcomLaunch - ok
14:19:12.0177 0x14b4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
14:19:12.0387 0x14b4 defragsvc - ok
14:19:12.0503 0x14b4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:19:12.0665 0x14b4 DfsC - ok
14:19:12.0767 0x14b4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:19:12.0787 0x14b4 Dhcp - ok
14:19:12.0805 0x14b4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
14:19:12.0812 0x14b4 discache - ok
14:19:12.0869 0x14b4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:19:12.0871 0x14b4 Disk - ok
14:19:12.0931 0x14b4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:19:12.0936 0x14b4 Dnscache - ok
14:19:12.0980 0x14b4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
14:19:12.0985 0x14b4 dot3svc - ok
14:19:13.0027 0x14b4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
14:19:13.0034 0x14b4 DPS - ok
14:19:13.0076 0x14b4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:19:13.0076 0x14b4 drmkaud - ok
14:19:13.0136 0x14b4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:19:13.0178 0x14b4 DXGKrnl - ok
14:19:13.0201 0x14b4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
14:19:13.0206 0x14b4 EapHost - ok
14:19:13.0312 0x14b4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:19:13.0425 0x14b4 ebdrv - ok
14:19:13.0459 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
14:19:13.0460 0x14b4 EFS - ok
14:19:13.0532 0x14b4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:19:13.0559 0x14b4 ehRecvr - ok
14:19:13.0586 0x14b4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
14:19:13.0589 0x14b4 ehSched - ok
14:19:13.0628 0x14b4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:19:13.0650 0x14b4 elxstor - ok
14:19:13.0687 0x14b4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:19:13.0687 0x14b4 ErrDev - ok
14:19:13.0726 0x14b4 [ DF2F6C1E55F6E81CFC7F688380D85816, D9085466AA9D98AA01CD8ADEBD798CB326D4FD53A07BD199C3E6E500B4619355 ] EtronHub3 C:\Windows\System32\Drivers\EtronHub3.sys
14:19:13.0728 0x14b4 EtronHub3 - ok
14:19:13.0732 0x14b4 [ E093ABFB67A4B9D94F80611A7D0A8BB9, A23D58767F58CBDFAA4AD25779BBBC4FAD51CBD8FEB9C89284635631E4F084A6 ] EtronXHCI C:\Windows\System32\Drivers\EtronXHCI.sys
14:19:13.0734 0x14b4 EtronXHCI - ok
14:19:13.0753 0x14b4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
14:19:13.0763 0x14b4 EventSystem - ok
14:19:13.0788 0x14b4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
14:19:13.0792 0x14b4 exfat - ok
14:19:13.0896 0x14b4 Fabs - ok
14:19:13.0910 0x14b4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:19:13.0920 0x14b4 fastfat - ok
14:19:13.0985 0x14b4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
14:19:14.0008 0x14b4 Fax - ok
14:19:14.0044 0x14b4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:19:14.0045 0x14b4 fdc - ok
14:19:14.0071 0x14b4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
14:19:14.0072 0x14b4 fdPHost - ok
14:19:14.0075 0x14b4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
14:19:14.0078 0x14b4 FDResPub - ok
14:19:14.0093 0x14b4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:19:14.0095 0x14b4 FileInfo - ok
14:19:14.0104 0x14b4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:19:14.0105 0x14b4 Filetrace - ok
14:19:14.0211 0x14b4 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:19:14.0359 0x14b4 FirebirdServerMAGIXInstance - ok
14:19:14.0393 0x14b4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:19:14.0394 0x14b4 flpydisk - ok
14:19:14.0460 0x14b4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:19:14.0468 0x14b4 FltMgr - ok
14:19:14.0514 0x14b4 [ FE95AE537B41A7E2F4CFE353064DC4AF, 1C354CAF4A8FB599BD252133C4C3845624C6F9B692E3F4C68573486FE8236EB3 ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
14:19:14.0523 0x14b4 FNETTBOH_305 - ok
14:19:14.0543 0x14b4 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68, 7B9DA195D3CF0E7BE6BB532CC5D058BC6658B7538B5C5CF09B1A4ABEF1ECACB4 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
14:19:14.0550 0x14b4 FNETURPX - ok
14:19:14.0610 0x14b4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
14:19:14.0666 0x14b4 FontCache - ok
14:19:14.0759 0x14b4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:19:14.0769 0x14b4 FontCache3.0.0.0 - ok
14:19:14.0795 0x14b4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:19:14.0814 0x14b4 FsDepends - ok
14:19:14.0881 0x14b4 [ 53DAB1791917A72738539AD25C4EED7F, 3DE667E8B894EE1A1A814AF2153901AFE2A320BDB3B2A51330D987636B1BC6BE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:19:14.0883 0x14b4 fssfltr - ok
14:19:15.0046 0x14b4 [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:19:15.0063 0x14b4 fsssvc - ok
14:19:15.0106 0x14b4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:19:15.0116 0x14b4 Fs_Rec - ok
14:19:15.0188 0x14b4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:19:15.0199 0x14b4 fvevol - ok
14:19:15.0248 0x14b4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:19:15.0250 0x14b4 gagp30kx - ok
14:19:15.0293 0x14b4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:19:15.0295 0x14b4 GEARAspiWDM - ok
14:19:15.0424 0x14b4 [ EBF714703106C1D5BC3E7B4C389A5828, D09472BCF71B58CF8F463131AD778F4D2E189047EE6B9AF088BCDE7B25398682 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
14:19:15.0529 0x14b4 GfExperienceService - ok
14:19:15.0628 0x14b4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
14:19:15.0650 0x14b4 gpsvc - ok
14:19:15.0774 0x14b4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:19:15.0776 0x14b4 gupdate - ok
14:19:15.0795 0x14b4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:19:15.0799 0x14b4 gupdatem - ok
14:19:15.0902 0x14b4 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
14:19:15.0903 0x14b4 hamachi - ok
14:19:15.0915 0x14b4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:19:15.0917 0x14b4 hcw85cir - ok
14:19:16.0001 0x14b4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:19:16.0036 0x14b4 HdAudAddService - ok
14:19:16.0110 0x14b4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:19:16.0114 0x14b4 HDAudBus - ok
14:19:16.0126 0x14b4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:19:16.0128 0x14b4 HidBatt - ok
14:19:16.0141 0x14b4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:19:16.0144 0x14b4 HidBth - ok
14:19:16.0159 0x14b4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:19:16.0161 0x14b4 HidIr - ok
14:19:16.0189 0x14b4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
14:19:16.0191 0x14b4 hidserv - ok
14:19:16.0233 0x14b4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:19:16.0235 0x14b4 HidUsb - ok
14:19:16.0270 0x14b4 [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys
14:19:16.0272 0x14b4 hitmanpro37 - ok
14:19:16.0315 0x14b4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:19:16.0318 0x14b4 hkmsvc - ok
14:19:16.0365 0x14b4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:19:16.0370 0x14b4 HomeGroupListener - ok
14:19:16.0415 0x14b4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:19:16.0419 0x14b4 HomeGroupProvider - ok
14:19:16.0470 0x14b4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:19:16.0472 0x14b4 HpSAMD - ok
14:19:16.0517 0x14b4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:19:16.0540 0x14b4 HTTP - ok
14:19:16.0595 0x14b4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:19:16.0596 0x14b4 hwpolicy - ok
14:19:16.0633 0x14b4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:19:16.0635 0x14b4 i8042prt - ok
14:19:16.0680 0x14b4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:19:16.0690 0x14b4 iaStorV - ok
14:19:16.0790 0x14b4 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:19:16.0792 0x14b4 IDriverT - ok
14:19:16.0892 0x14b4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:19:16.0913 0x14b4 idsvc - ok
14:19:16.0944 0x14b4 IEEtwCollectorService - ok
14:19:16.0961 0x14b4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:19:16.0963 0x14b4 iirsp - ok
14:19:17.0010 0x14b4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
14:19:17.0033 0x14b4 IKEEXT - ok
14:19:17.0124 0x14b4 [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:19:17.0203 0x14b4 IntcAzAudAddService - ok
14:19:17.0241 0x14b4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
14:19:17.0242 0x14b4 intelide - ok
14:19:17.0269 0x14b4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:19:17.0273 0x14b4 intelppm - ok
14:19:17.0300 0x14b4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:19:17.0303 0x14b4 IPBusEnum - ok
14:19:17.0338 0x14b4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:19:17.0342 0x14b4 IpFilterDriver - ok
14:19:17.0393 0x14b4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:19:17.0410 0x14b4 iphlpsvc - ok
14:19:17.0450 0x14b4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:19:17.0453 0x14b4 IPMIDRV - ok
14:19:17.0482 0x14b4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:19:17.0486 0x14b4 IPNAT - ok
14:19:17.0550 0x14b4 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:19:17.0558 0x14b4 iPod Service - ok
14:19:17.0571 0x14b4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:19:17.0571 0x14b4 IRENUM - ok
14:19:17.0605 0x14b4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:19:17.0606 0x14b4 isapnp - ok
14:19:17.0645 0x14b4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:19:17.0668 0x14b4 iScsiPrt - ok
14:19:17.0720 0x14b4 [ 0C6635413077E415CA31AD2F4E648FC1, 13F3EF104023E1FD92C603413C29F28DF921D763AE91AAB1AC45149E2B07CF2E ] IT9135BDA C:\Windows\system32\Drivers\IT9135BDA.sys
14:19:17.0722 0x14b4 IT9135BDA - ok
14:19:17.0889 0x14b4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:19:17.0937 0x14b4 kbdclass - ok
14:19:18.0107 0x14b4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:19:18.0108 0x14b4 kbdhid - ok
14:19:18.0181 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
14:19:18.0183 0x14b4 KeyIso - ok
14:19:18.0225 0x14b4 [ 07071C1E3CD8F0F9114AAC8B072CA1E5, F72E49D9A77BBE28B135D5DDBD9037083D90400A6D61DA45B5D53C4ACFFAF932 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:19:18.0233 0x14b4 KMWDFILTER - ok
14:19:18.0339 0x14b4 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:19:18.0358 0x14b4 KSecDD - ok
14:19:18.0375 0x14b4 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:19:18.0379 0x14b4 KSecPkg - ok
14:19:18.0399 0x14b4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:19:18.0400 0x14b4 ksthunk - ok
14:19:18.0426 0x14b4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
14:19:18.0433 0x14b4 KtmRm - ok
14:19:18.0494 0x14b4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:19:18.0499 0x14b4 LanmanServer - ok
14:19:18.0545 0x14b4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:19:18.0549 0x14b4 LanmanWorkstation - ok
14:19:18.0605 0x14b4 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
14:19:18.0606 0x14b4 LGBusEnum - ok
14:19:18.0632 0x14b4 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
14:19:18.0633 0x14b4 LGVirHid - ok
14:19:18.0733 0x14b4 [ C34411A244029F1C08687F7C752C4563, 4FC1D6156D760AE8138547262B33677118BD9369F4930F5C5F9BAA2FE6E78EA3 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:19:18.0773 0x14b4 LightScribeService - ok
14:19:18.0848 0x14b4 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
14:19:18.0849 0x14b4 lirsgt - ok
14:19:18.0882 0x14b4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:19:18.0884 0x14b4 lltdio - ok
14:19:19.0065 0x14b4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:19:19.0072 0x14b4 lltdsvc - ok
14:19:19.0102 0x14b4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:19:19.0103 0x14b4 lmhosts - ok
14:19:19.0233 0x14b4 [ 0F28935ECF1FBDEC22BAF720A5A94564, A4E8E13FD7FE1882243AD7139D5E0925F09069616920382F952D79586A4936E7 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
14:19:19.0234 0x14b4 LMIInfo - ok
14:19:19.0294 0x14b4 [ E91CB655C50065D1B97A602392DBA3C2, FE0E6D882BB514FEEC38230F82E645AD67F855B11F2742963776622E1F600514 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
14:19:19.0299 0x14b4 LMIMaint - ok
14:19:19.0365 0x14b4 [ 413ECDCFAD9A82804D3674C8D7EEC24E, C8A65ED0B079D16D1A4449E840B4A9475388FBE61B5A84DFEFC35F4FB3B9A9B1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
14:19:19.0366 0x14b4 lmimirr - ok
14:19:19.0386 0x14b4 LMIRfsClientNP - ok
14:19:19.0437 0x14b4 [ C57D3FAA50E6F395759FFB7C709BD944, 7B0B86F0E710934D57801E1F7BB048AD878F871147B2A16BBF81219A4022B499 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
14:19:19.0440 0x14b4 LMIRfsDriver - ok
14:19:19.0499 0x14b4 [ D3760BC17E1755091B7120CF32DBF56B, 2B31CA0CD838BEE0103054520E2FBEA2436A07D99E711B14543B85F3A511478F ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
14:19:19.0519 0x14b4 LogMeIn - ok
14:19:19.0575 0x14b4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:19:19.0577 0x14b4 LSI_FC - ok
14:19:19.0598 0x14b4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:19:19.0601 0x14b4 LSI_SAS - ok
14:19:19.0620 0x14b4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:19:19.0622 0x14b4 LSI_SAS2 - ok
14:19:19.0634 0x14b4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:19:19.0637 0x14b4 LSI_SCSI - ok
14:19:19.0651 0x14b4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
14:19:19.0654 0x14b4 luafv - ok
14:19:19.0691 0x14b4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:19:19.0693 0x14b4 Mcx2Svc - ok
14:19:19.0716 0x14b4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:19:19.0717 0x14b4 megasas - ok
14:19:19.0737 0x14b4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:19:19.0743 0x14b4 MegaSR - ok
14:19:19.0754 0x14b4 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:19:19.0755 0x14b4 MEIx64 - ok
14:19:19.0776 0x14b4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
14:19:19.0779 0x14b4 MMCSS - ok
14:19:19.0800 0x14b4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
14:19:19.0823 0x14b4 Modem - ok
14:19:19.0905 0x14b4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:19:19.0906 0x14b4 monitor - ok
14:19:19.0918 0x14b4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:19:19.0920 0x14b4 mouclass - ok
14:19:19.0935 0x14b4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:19:19.0936 0x14b4 mouhid - ok
14:19:19.0966 0x14b4 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:19:19.0968 0x14b4 mountmgr - ok
14:19:19.0996 0x14b4 [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:19:20.0001 0x14b4 MpFilter - ok
14:19:20.0031 0x14b4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
14:19:20.0034 0x14b4 mpio - ok
14:19:20.0054 0x14b4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:19:20.0056 0x14b4 mpsdrv - ok
14:19:20.0098 0x14b4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:19:20.0242 0x14b4 MpsSvc - ok
14:19:20.0292 0x14b4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:19:20.0298 0x14b4 MRxDAV - ok
14:19:20.0363 0x14b4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:19:20.0367 0x14b4 mrxsmb - ok
14:19:20.0385 0x14b4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:19:20.0391 0x14b4 mrxsmb10 - ok
14:19:20.0425 0x14b4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:19:20.0428 0x14b4 mrxsmb20 - ok
14:19:20.0468 0x14b4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
14:19:20.0469 0x14b4 msahci - ok
14:19:20.0500 0x14b4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:19:20.0503 0x14b4 msdsm - ok
14:19:20.0525 0x14b4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
14:19:20.0528 0x14b4 MSDTC - ok
14:19:20.0551 0x14b4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:19:20.0552 0x14b4 Msfs - ok
14:19:20.0567 0x14b4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:19:20.0568 0x14b4 mshidkmdf - ok
14:19:20.0597 0x14b4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:19:20.0598 0x14b4 msisadrv - ok
14:19:20.0628 0x14b4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:19:20.0631 0x14b4 MSiSCSI - ok
14:19:20.0633 0x14b4 msiserver - ok
14:19:20.0648 0x14b4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:19:20.0650 0x14b4 MSKSSRV - ok
14:19:20.0737 0x14b4 [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:19:20.0738 0x14b4 MsMpSvc - ok
14:19:20.0766 0x14b4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:19:20.0767 0x14b4 MSPCLOCK - ok
14:19:20.0770 0x14b4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:19:20.0770 0x14b4 MSPQM - ok
14:19:20.0826 0x14b4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:19:20.0841 0x14b4 MsRPC - ok
14:19:20.0876 0x14b4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:19:20.0877 0x14b4 mssmbios - ok
14:19:20.0893 0x14b4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:19:20.0894 0x14b4 MSTEE - ok
14:19:20.0906 0x14b4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:19:20.0907 0x14b4 MTConfig - ok
14:19:20.0918 0x14b4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
14:19:20.0920 0x14b4 Mup - ok
14:19:20.0958 0x14b4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
14:19:20.0980 0x14b4 napagent - ok
14:19:21.0066 0x14b4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:19:21.0077 0x14b4 NativeWifiP - ok
14:19:21.0174 0x14b4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
14:19:21.0276 0x14b4 NDIS - ok
14:19:21.0391 0x14b4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:19:21.0393 0x14b4 NdisCap - ok
14:19:21.0629 0x14b4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:19:21.0642 0x14b4 NdisTapi - ok
14:19:21.0714 0x14b4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:19:21.0716 0x14b4 Ndisuio - ok
14:19:21.0754 0x14b4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:19:21.0758 0x14b4 NdisWan - ok
14:19:21.0783 0x14b4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:19:21.0785 0x14b4 NDProxy - ok
14:19:21.0798 0x14b4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:19:21.0830 0x14b4 NetBIOS - ok
14:19:21.0876 0x14b4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:19:21.0881 0x14b4 NetBT - ok
14:19:21.0892 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
14:19:21.0893 0x14b4 Netlogon - ok
14:19:21.0920 0x14b4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
14:19:21.0931 0x14b4 Netman - ok
14:19:22.0053 0x14b4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:19:22.0057 0x14b4 NetMsmqActivator - ok
14:19:22.0097 0x14b4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:19:22.0099 0x14b4 NetPipeActivator - ok
14:19:22.0158 0x14b4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
14:19:22.0209 0x14b4 netprofm - ok
14:19:22.0330 0x14b4 [ EED1FBDE98CF5F6D5C0C5B27AB1F68EC, E006494890D8BDB131C10176EB554DF325481F6BC9DF543FD9F82C8DCF389487 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
14:19:22.0389 0x14b4 netr28ux - ok
14:19:22.0588 0x14b4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:19:22.0591 0x14b4 NetTcpActivator - ok
14:19:22.0610 0x14b4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:19:22.0613 0x14b4 NetTcpPortSharing - ok
14:19:22.0648 0x14b4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:19:22.0649 0x14b4 nfrd960 - ok
14:19:22.0683 0x14b4 [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:19:22.0688 0x14b4 NisDrv - ok
14:19:22.0746 0x14b4 [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:19:22.0758 0x14b4 NisSrv - ok
14:19:22.0799 0x14b4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
14:19:22.0835 0x14b4 NlaSvc - ok
14:19:22.0847 0x14b4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:19:22.0849 0x14b4 Npfs - ok
14:19:22.0875 0x14b4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
14:19:22.0876 0x14b4 nsi - ok
14:19:22.0882 0x14b4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:19:22.0882 0x14b4 nsiproxy - ok
14:19:22.0991 0x14b4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:19:23.0054 0x14b4 Ntfs - ok
14:19:23.0069 0x14b4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
14:19:23.0070 0x14b4 Null - ok
14:19:23.0127 0x14b4 [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:19:23.0160 0x14b4 NVHDA - ok
14:19:23.0472 0x14b4 [ ECC732D5185408FCC323E56D30170848, 7A7A6C410B65DBB1D59653598D7E5414054588BB88505BE68BFFF0378FD555F3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:19:24.0020 0x14b4 nvlddmkm - ok
14:19:24.0179 0x14b4 [ F758A5752CA282925CE3324FDBBADBED, E9DE21AE4509BC401FE7BD717E1585BDEAF2E016A4DC8BB829DD43F54101923F ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
14:19:24.0709 0x14b4 NvNetworkService - ok
14:19:24.0924 0x14b4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:19:24.0955 0x14b4 nvraid - ok
14:19:24.0996 0x14b4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:19:24.0999 0x14b4 nvstor - ok
14:19:25.0083 0x14b4 [ 0772513BF441995A61A6C6F87BE12174, 308203FACAAFC87AA18765F0F358ADF5F99D0CAA9ADE51C14C43416FAB68FA18 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
14:19:25.0094 0x14b4 NvStreamKms - ok
14:19:25.0131 0x14b4 NvStreamSvc - ok
14:19:25.0192 0x14b4 [ 806069C408AE736E2182D2FF6C2FA8EE, 9C2D2309C4F4135772C53C10C7442BCA362657B062177B20C2F00DC2137E8362 ] NVSvc C:\Windows\system32\nvvsvc.exe
14:19:25.0261 0x14b4 NVSvc - ok
14:19:25.0313 0x14b4 [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
14:19:25.0322 0x14b4 nvvad_WaveExtensible - ok
14:19:25.0357 0x14b4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:19:25.0359 0x14b4 nv_agp - ok
14:19:25.0383 0x14b4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:19:25.0384 0x14b4 ohci1394 - ok
14:19:25.0552 0x14b4 [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
14:19:25.0634 0x14b4 Origin Client Service - ok
14:19:25.0699 0x14b4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:19:25.0702 0x14b4 ose - ok
14:19:25.0932 0x14b4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:19:26.0283 0x14b4 osppsvc - ok
14:19:26.0351 0x14b4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:19:26.0358 0x14b4 p2pimsvc - ok
14:19:26.0376 0x14b4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
14:19:26.0398 0x14b4 p2psvc - ok
14:19:26.0440 0x14b4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:19:26.0455 0x14b4 Parport - ok
14:19:26.0501 0x14b4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:19:26.0525 0x14b4 partmgr - ok
14:19:26.0558 0x14b4 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:19:26.0563 0x14b4 PcaSvc - ok
14:19:26.0576 0x14b4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
14:19:26.0580 0x14b4 pci - ok
14:19:26.0604 0x14b4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
14:19:26.0605 0x14b4 pciide - ok
14:19:26.0623 0x14b4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:19:26.0628 0x14b4 pcmcia - ok
14:19:26.0634 0x14b4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
14:19:26.0635 0x14b4 pcw - ok
14:19:26.0679 0x14b4 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:19:26.0702 0x14b4 PEAUTH - ok
14:19:26.0764 0x14b4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:19:26.0778 0x14b4 PerfHost - ok
14:19:26.0869 0x14b4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
14:19:26.0902 0x14b4 pla - ok
14:19:26.0966 0x14b4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:19:26.0983 0x14b4 PlugPlay - ok
14:19:27.0038 0x14b4 [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
14:19:27.0056 0x14b4 PnkBstrA - ok
14:19:27.0089 0x14b4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:19:27.0092 0x14b4 PNRPAutoReg - ok
14:19:27.0112 0x14b4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:19:27.0119 0x14b4 PNRPsvc - ok
14:19:27.0160 0x14b4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:19:27.0189 0x14b4 PolicyAgent - ok
14:19:27.0213 0x14b4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
14:19:27.0219 0x14b4 Power - ok
14:19:27.0266 0x14b4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:19:27.0269 0x14b4 PptpMiniport - ok
14:19:27.0286 0x14b4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:19:27.0288 0x14b4 Processor - ok
14:19:27.0329 0x14b4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
14:19:27.0334 0x14b4 ProfSvc - ok
14:19:27.0347 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:19:27.0348 0x14b4 ProtectedStorage - ok
14:19:27.0517 0x14b4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:19:27.0523 0x14b4 Psched - ok
14:19:27.0603 0x14b4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:19:27.0663 0x14b4 ql2300 - ok
14:19:27.0682 0x14b4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:19:27.0687 0x14b4 ql40xx - ok
14:19:27.0721 0x14b4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
14:19:27.0727 0x14b4 QWAVE - ok
14:19:27.0751 0x14b4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:19:27.0753 0x14b4 QWAVEdrv - ok
14:19:27.0860 0x14b4 [ 2EE6D9CAB03900646D1D3D9077167BD6, 61F1C78A56537483FCD4B49AB6D0189EE05ECB7BF4AF88573E0F7EEBFE088865 ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
14:19:27.0915 0x14b4 RalinkRegistryWriter - ok
14:19:27.0978 0x14b4 [ 46358C32AF09A57A171BC422649BE53B, 882993760EA1D6F5B8FD9E71C0AC550B296DBB32EC4A288C1B65B34DE41C3FE1 ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
14:19:28.0019 0x14b4 RalinkRegistryWriter64 - ok
14:19:28.0046 0x14b4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:19:28.0048 0x14b4 RasAcd - ok
14:19:28.0073 0x14b4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:19:28.0075 0x14b4 RasAgileVpn - ok
14:19:28.0102 0x14b4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
14:19:28.0105 0x14b4 RasAuto - ok
14:19:28.0144 0x14b4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:19:28.0148 0x14b4 Rasl2tp - ok
14:19:28.0197 0x14b4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
14:19:28.0218 0x14b4 RasMan - ok
14:19:28.0232 0x14b4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:19:28.0235 0x14b4 RasPppoe - ok
14:19:28.0244 0x14b4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:19:28.0246 0x14b4 RasSstp - ok
14:19:28.0282 0x14b4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:19:28.0288 0x14b4 rdbss - ok
14:19:28.0294 0x14b4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:19:28.0295 0x14b4 rdpbus - ok
14:19:28.0305 0x14b4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:19:28.0306 0x14b4 RDPCDD - ok
14:19:28.0331 0x14b4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:19:28.0332 0x14b4 RDPENCDD - ok
14:19:28.0344 0x14b4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:19:28.0345 0x14b4 RDPREFMP - ok
14:19:28.0372 0x14b4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:19:28.0391 0x14b4 RDPWD - ok
14:19:28.0444 0x14b4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:19:28.0475 0x14b4 rdyboost - ok
14:19:28.0685 0x14b4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:19:28.0768 0x14b4 RemoteAccess - ok
14:19:28.0844 0x14b4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:19:28.0848 0x14b4 RemoteRegistry - ok
14:19:29.0001 0x14b4 [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:19:29.0035 0x14b4 RichVideo - ok
14:19:29.0067 0x14b4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:19:29.0079 0x14b4 RpcEptMapper - ok
14:19:29.0111 0x14b4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
14:19:29.0119 0x14b4 RpcLocator - ok
14:19:29.0179 0x14b4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
14:19:29.0186 0x14b4 RpcSs - ok
14:19:29.0252 0x14b4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:19:29.0268 0x14b4 rspndr - ok
14:19:29.0357 0x14b4 [ 4B42BC58294E83A6A92EC8B88C14C4A3, 80885CFF021F7BC85647224863A83D444EA7848CBB4F06DFDFADE58F47307D21 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:19:29.0388 0x14b4 RTL8167 - ok
14:19:29.0481 0x14b4 [ B3A62D2AEED3DE93239252A2DFFA9728, 7CDE07B59B5BEFD4A9FB295D14AABC95A8EDA807A4F357817824723C26A5C6AD ] SaiK1705 C:\Windows\system32\DRIVERS\SaiK1705.sys
14:19:29.0677 0x14b4 SaiK1705 - ok
14:19:29.0918 0x14b4 [ B08581EDF3290210D3366CD2D992F6C2, FF1BE97B8F37FF39B784CAB254F2460B7F7A84C45BAD5CDB06FE5C29CF293BE5 ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
14:19:29.0927 0x14b4 SaiMini - ok
14:19:29.0969 0x14b4 [ D086C2F45D328C2F63FC6B4CD79FCB66, BF3D27D95C83D2454AE62BAFE9297E08BB58EA4C7FBFBDEE075A4FFC6085735C ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
14:19:29.0979 0x14b4 SaiNtBus - ok
14:19:30.0019 0x14b4 [ 338F85CC164C90F46B5580D94F1E740E, B677E79F41D5027769E75488B2B91C88E9D76CA51FA85BF0E6AA66013D047E04 ] SaiU1705 C:\Windows\system32\DRIVERS\SaiU1705.sys
14:19:30.0029 0x14b4 SaiU1705 - ok
14:19:30.0059 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
14:19:30.0060 0x14b4 SamSs - ok
14:19:30.0149 0x14b4 [ 5EFBBFCC6ADAC121C8E2FE76641ED329, 0EAB16C7F54B61620277977F8C332737081A46BC6BBDE50742B6904BDD54F502 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\Sandra.sys
14:19:30.0159 0x14b4 SANDRA - ok
14:19:30.0206 0x14b4 [ 65FCC1102E87462548AF8EC49620C9FC, 99FA15DA12D7550364F598EF78F04051FE1743A1D74BE6048DF840757FB08D0B ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe
14:19:30.0218 0x14b4 SandraAgentSrv - ok
14:19:30.0279 0x14b4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:19:30.0283 0x14b4 sbp2port - ok
14:19:30.0361 0x14b4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:19:30.0368 0x14b4 SCardSvr - ok
14:19:30.0422 0x14b4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:19:30.0423 0x14b4 scfilter - ok
14:19:30.0481 0x14b4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
14:19:30.0512 0x14b4 Schedule - ok
14:19:30.0537 0x14b4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:19:30.0538 0x14b4 SCPolicySvc - ok
14:19:30.0575 0x14b4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:19:30.0579 0x14b4 SDRSVC - ok
14:19:30.0603 0x14b4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:19:30.0605 0x14b4 secdrv - ok
14:19:30.0638 0x14b4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
14:19:30.0641 0x14b4 seclogon - ok
14:19:30.0662 0x14b4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
14:19:30.0665 0x14b4 SENS - ok
14:19:30.0670 0x14b4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:19:30.0672 0x14b4 SensrSvc - ok
14:19:30.0705 0x14b4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:19:30.0706 0x14b4 Serenum - ok
14:19:30.0715 0x14b4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:19:30.0718 0x14b4 Serial - ok
14:19:30.0767 0x14b4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:19:30.0768 0x14b4 sermouse - ok
14:19:30.0801 0x14b4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
14:19:30.0808 0x14b4 SessionEnv - ok
14:19:30.0850 0x14b4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:19:30.0858 0x14b4 sffdisk - ok
14:19:30.0950 0x14b4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:19:30.0951 0x14b4 sffp_mmc - ok
14:19:30.0963 0x14b4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:19:30.0964 0x14b4 sffp_sd - ok
14:19:30.0972 0x14b4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:19:30.0973 0x14b4 sfloppy - ok
14:19:31.0004 0x14b4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:19:31.0010 0x14b4 SharedAccess - ok
14:19:31.0054 0x14b4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:19:31.0064 0x14b4 ShellHWDetection - ok
14:19:31.0079 0x14b4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:19:31.0080 0x14b4 SiSRaid2 - ok
14:19:31.0100 0x14b4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:19:31.0101 0x14b4 SiSRaid4 - ok
14:19:31.0180 0x14b4 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:19:31.0202 0x14b4 SkypeUpdate - ok
14:19:31.0218 0x14b4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:19:31.0222 0x14b4 Smb - ok
14:19:31.0271 0x14b4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:19:31.0272 0x14b4 SNMPTRAP - ok
14:19:31.0290 0x14b4 [ FFC5F7ED77AA59AA0A6B70F3D7A22A93, F0EF3A1A8C74CDD9EE0EF585F0489385573D764DE75E14FA8ADFEA05112935DA ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
14:19:31.0321 0x14b4 Sound Blaster X-Fi MB Licensing Service - ok
14:19:31.0351 0x14b4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
14:19:31.0352 0x14b4 spldr - ok
14:19:31.0402 0x14b4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
14:19:31.0454 0x14b4 Spooler - ok
14:19:31.0589 0x14b4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
14:19:31.0679 0x14b4 sppsvc - ok
14:19:31.0692 0x14b4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:19:31.0694 0x14b4 sppuinotify - ok
14:19:31.0735 0x14b4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:19:31.0757 0x14b4 srv - ok
14:19:31.0838 0x14b4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:19:31.0848 0x14b4 srv2 - ok
14:19:31.0876 0x14b4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:19:31.0881 0x14b4 srvnet - ok
14:19:31.0894 0x14b4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:19:31.0899 0x14b4 SSDPSRV - ok
14:19:31.0911 0x14b4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:19:31.0914 0x14b4 SstpSvc - ok
14:19:32.0116 0x14b4 [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:19:32.0395 0x14b4 Steam Client Service - ok
14:19:32.0452 0x14b4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:19:32.0454 0x14b4 stexstor - ok
14:19:32.0498 0x14b4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
14:19:32.0521 0x14b4 stisvc - ok
14:19:32.0565 0x14b4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
14:19:32.0566 0x14b4 swenum - ok
14:19:32.0598 0x14b4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
14:19:32.0618 0x14b4 swprv - ok
14:19:32.0735 0x14b4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
14:19:32.0807 0x14b4 SysMain - ok
14:19:32.0850 0x14b4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:19:32.0855 0x14b4 TabletInputService - ok
14:19:32.0899 0x14b4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:19:32.0909 0x14b4 TapiSrv - ok
14:19:32.0924 0x14b4 TBPanel - ok
14:19:32.0941 0x14b4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
14:19:32.0943 0x14b4 TBS - ok
14:19:32.0979 0x14b4 [ BB7C91D0E97AA8126212838D32DCC83C, A32599E53AAAB21A5222B4BB261885FA3930AF968C1B17463920F6AD670668DE ] tclondrv C:\Windows\system32\DRIVERS\tclondrv.sys
14:19:32.0988 0x14b4 tclondrv - ok
14:19:33.0092 0x14b4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:19:33.0140 0x14b4 Tcpip - ok
14:19:33.0258 0x14b4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:19:33.0282 0x14b4 TCPIP6 - ok
14:19:33.0312 0x14b4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:19:33.0313 0x14b4 tcpipreg - ok
14:19:33.0351 0x14b4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:19:33.0352 0x14b4 TDPIPE - ok
14:19:33.0386 0x14b4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:19:33.0387 0x14b4 TDTCP - ok
14:19:33.0423 0x14b4 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:19:33.0425 0x14b4 tdx - ok
14:19:33.0451 0x14b4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
14:19:33.0452 0x14b4 TermDD - ok
14:19:33.0499 0x14b4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
14:19:33.0508 0x14b4 TermService - ok
14:19:33.0518 0x14b4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
14:19:33.0520 0x14b4 Themes - ok
14:19:33.0527 0x14b4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
14:19:33.0529 0x14b4 THREADORDER - ok
14:19:33.0604 0x14b4 [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
14:19:33.0606 0x14b4 TomTomHOMEService - ok
14:19:33.0624 0x14b4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
14:19:33.0627 0x14b4 TrkWks - ok
14:19:33.0675 0x14b4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:19:33.0679 0x14b4 TrustedInstaller - ok
14:19:33.0712 0x14b4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:19:33.0713 0x14b4 tssecsrv - ok
14:19:33.0782 0x14b4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:19:33.0783 0x14b4 TsUsbFlt - ok
14:19:33.0900 0x14b4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:19:33.0903 0x14b4 tunnel - ok
14:19:33.0921 0x14b4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:19:33.0923 0x14b4 uagp35 - ok
14:19:33.0963 0x14b4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:19:33.0969 0x14b4 udfs - ok
14:19:33.0993 0x14b4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:19:33.0995 0x14b4 UI0Detect - ok
14:19:34.0029 0x14b4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:19:34.0031 0x14b4 uliagpkx - ok
14:19:34.0082 0x14b4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
14:19:34.0084 0x14b4 umbus - ok
14:19:34.0111 0x14b4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:19:34.0111 0x14b4 UmPass - ok
14:19:34.0128 0x14b4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
14:19:34.0136 0x14b4 upnphost - ok
14:19:34.0179 0x14b4 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:19:34.0180 0x14b4 USBAAPL64 - ok
14:19:34.0212 0x14b4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:19:34.0214 0x14b4 usbccgp - ok
14:19:34.0309 0x14b4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:19:34.0311 0x14b4 usbcir - ok
14:19:34.0351 0x14b4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:19:34.0354 0x14b4 usbehci - ok
14:19:34.0405 0x14b4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:19:34.0422 0x14b4 usbhub - ok
14:19:34.0471 0x14b4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:19:34.0476 0x14b4 usbohci - ok
14:19:34.0503 0x14b4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:19:34.0504 0x14b4 usbprint - ok
14:19:34.0549 0x14b4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:19:34.0550 0x14b4 usbscan - ok
14:19:34.0587 0x14b4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:19:34.0589 0x14b4 USBSTOR - ok
14:19:34.0622 0x14b4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:19:34.0623 0x14b4 usbuhci - ok
14:19:34.0642 0x14b4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
14:19:34.0644 0x14b4 UxSms - ok
14:19:34.0658 0x14b4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
14:19:34.0659 0x14b4 VaultSvc - ok
14:19:34.0707 0x14b4 [ 8FD4BE594B4247E534E5D7CADA47FF20, A1D4DF89FAE48B2A6E3443C49533000A3E13A3CE1C18D8DB5DAEE4DDD9C51E88 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
14:19:34.0711 0x14b4 VBoxNetAdp - ok
14:19:34.0725 0x14b4 VBoxNetFlt - ok
14:19:34.0763 0x14b4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:19:34.0937 0x14b4 vdrvroot - ok
14:19:35.0028 0x14b4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
14:19:35.0060 0x14b4 vds - ok
14:19:35.0131 0x14b4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:19:35.0162 0x14b4 vga - ok
14:19:35.0173 0x14b4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:19:35.0174 0x14b4 VgaSave - ok
14:19:35.0213 0x14b4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:19:35.0219 0x14b4 vhdmp - ok
14:19:35.0260 0x14b4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
14:19:35.0261 0x14b4 viaide - ok
14:19:35.0310 0x14b4 [ C117CEDFB9BFEADB29106FDAC1358470, 0459ECE09C73B8EA250FA8DBA3718F612966383CA85357BA027CA272AFD961B9 ] vmm C:\Windows\system32\Treiber\vmm.sys
14:19:35.0398 0x14b4 vmm - ok
14:19:35.0434 0x14b4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:19:35.0436 0x14b4 volmgr - ok
14:19:35.0471 0x14b4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:19:35.0480 0x14b4 volmgrx - ok
14:19:35.0497 0x14b4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:19:35.0519 0x14b4 volsnap - ok
14:19:35.0571 0x14b4 [ BC2EA40B98B5E866D9A4F98AFB66B682, 838EAF1ADDC2826FE4830F2410F6EE3517CDDEF0D5212BC6FD009BC3CA7D70E6 ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys
14:19:35.0573 0x14b4 VPCNetS2 - ok
14:19:35.0596 0x14b4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:19:35.0600 0x14b4 vsmraid - ok
14:19:35.0676 0x14b4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
14:19:35.0723 0x14b4 VSS - ok
14:19:35.0746 0x14b4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:19:35.0747 0x14b4 vwifibus - ok
14:19:35.0773 0x14b4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:19:35.0774 0x14b4 vwififlt - ok
14:19:35.0787 0x14b4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:19:35.0788 0x14b4 vwifimp - ok
14:19:35.0885 0x14b4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
14:19:35.0902 0x14b4 W32Time - ok
14:19:35.0965 0x14b4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:19:35.0967 0x14b4 WacomPen - ok
14:19:36.0012 0x14b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:19:36.0014 0x14b4 WANARP - ok
14:19:36.0025 0x14b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:19:36.0026 0x14b4 Wanarpv6 - ok
14:19:36.0095 0x14b4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
14:19:36.0177 0x14b4 wbengine - ok
14:19:36.0230 0x14b4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:19:36.0243 0x14b4 WbioSrvc - ok
14:19:36.0306 0x14b4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:19:36.0329 0x14b4 wcncsvc - ok
14:19:36.0367 0x14b4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:19:36.0369 0x14b4 WcsPlugInService - ok
14:19:36.0394 0x14b4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:19:36.0395 0x14b4 Wd - ok
14:19:36.0693 0x14b4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:19:36.0768 0x14b4 Wdf01000 - ok
14:19:36.0811 0x14b4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:19:36.0818 0x14b4 WdiServiceHost - ok
14:19:36.0825 0x14b4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:19:36.0829 0x14b4 WdiSystemHost - ok
14:19:36.0862 0x14b4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
14:19:36.0871 0x14b4 WebClient - ok
14:19:36.0893 0x14b4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:19:36.0912 0x14b4 Wecsvc - ok
14:19:36.0918 0x14b4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:19:36.0921 0x14b4 wercplsupport - ok
14:19:36.0937 0x14b4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
14:19:36.0939 0x14b4 WerSvc - ok
14:19:36.0959 0x14b4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:19:36.0960 0x14b4 WfpLwf - ok
14:19:36.0974 0x14b4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:19:36.0975 0x14b4 WIMMount - ok
14:19:37.0003 0x14b4 WinDefend - ok
14:19:37.0019 0x14b4 WinHttpAutoProxySvc - ok
14:19:37.0067 0x14b4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:19:37.0072 0x14b4 Winmgmt - ok
14:19:37.0160 0x14b4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
14:19:37.0217 0x14b4 WinRM - ok
14:19:37.0273 0x14b4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:19:37.0274 0x14b4 WinUsb - ok
14:19:37.0315 0x14b4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:19:37.0338 0x14b4 Wlansvc - ok
14:19:37.0447 0x14b4 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:19:37.0474 0x14b4 wlidsvc - ok
14:19:37.0508 0x14b4 [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
14:19:37.0509 0x14b4 WmBEnum - ok
14:19:37.0553 0x14b4 [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
14:19:37.0555 0x14b4 WmFilter - ok
14:19:37.0592 0x14b4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:19:37.0593 0x14b4 WmiAcpi - ok
14:19:37.0616 0x14b4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:19:37.0620 0x14b4 wmiApSrv - ok
14:19:37.0646 0x14b4 WMPNetworkSvc - ok
14:19:37.0774 0x14b4 [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
14:19:37.0775 0x14b4 WmVirHid - ok
14:19:37.0787 0x14b4 [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
14:19:37.0789 0x14b4 WmXlCore - ok
14:19:37.0806 0x14b4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:19:37.0837 0x14b4 WPCSvc - ok
14:19:37.0883 0x14b4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:19:37.0886 0x14b4 WPDBusEnum - ok
14:19:37.0904 0x14b4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:19:37.0905 0x14b4 ws2ifsl - ok
14:19:37.0922 0x14b4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
14:19:37.0925 0x14b4 wscsvc - ok
14:19:37.0926 0x14b4 WSearch - ok
14:19:38.0013 0x14b4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
14:19:38.0092 0x14b4 wuauserv - ok
14:19:38.0146 0x14b4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:19:38.0148 0x14b4 WudfPf - ok
14:19:38.0172 0x14b4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:19:38.0176 0x14b4 WUDFRd - ok
14:19:38.0214 0x14b4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:19:38.0217 0x14b4 wudfsvc - ok
14:19:38.0263 0x14b4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
14:19:38.0335 0x14b4 WwanSvc - ok
14:19:38.0391 0x14b4 [ 38F55D07B1D3391065C40EC065F984E2, 056F5E3034C4C11403D74F44A364964A3A5945608DAE2A03EF025A22F5C31B26 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
14:19:38.0393 0x14b4 xusb21 - ok
14:19:38.0419 0x14b4 ================ Scan global ===============================
14:19:38.0433 0x14b4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:19:38.0477 0x14b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:19:38.0499 0x14b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:19:38.0526 0x14b4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:19:38.0552 0x14b4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:19:38.0558 0x14b4 [ Global ] - ok
14:19:38.0559 0x14b4 ================ Scan MBR ==================================
14:19:38.0567 0x14b4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:19:38.0722 0x14b4 \Device\Harddisk0\DR0 - ok
14:19:38.0723 0x14b4 ================ Scan VBR ==================================
14:19:38.0724 0x14b4 [ 59455C7B5CF7E4E2CDA7BBB701B51BED ] \Device\Harddisk0\DR0\Partition1
14:19:38.0761 0x14b4 \Device\Harddisk0\DR0\Partition1 - ok
14:19:38.0761 0x14b4 ================ Scan generic autorun ======================
14:19:39.0118 0x14b4 [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:19:39.0263 0x14b4 RtHDVCpl - ok
14:19:39.0299 0x14b4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\RunDLL32.exe
14:19:39.0301 0x14b4 RunDLLEntry - ok
14:19:39.0468 0x14b4 [ 6B15A74A2D7BAE2452C1AD84E717B166, 5C497E0E4AD9BB61D1AAF2FBBABE6351DA4AD792F8D46C81C6B5912DD9581EE9 ] C:\Program Files\Logitech Gaming Software\LCore.exe
14:19:39.0538 0x14b4 Launch LCore - ok
14:19:39.0624 0x14b4 [ 0104F4CA73154C23FFB449501F6D2D53, 0610AC01C06CC15D67F11C0EE00097A4D0A56B9EED16489FD3306EC2E1E6F301 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
14:19:39.0627 0x14b4 Start WingMan Profiler - ok
14:19:39.0725 0x14b4 [ 223A96BAC91792E1A954BFEB49FBE02C, 56582B1E48EB9AAE8C3AA0BCFB3B8DCBBA6AE26138BBE801DA2404A527DF5636 ] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
14:19:39.0726 0x14b4 LogMeIn GUI - ok
14:19:39.0896 0x14b4 [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
14:19:39.0944 0x14b4 MSC - ok
14:19:39.0966 0x14b4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
14:19:39.0967 0x14b4 ShadowPlay - ok
14:19:40.0119 0x14b4 [ 638644168D9B5B5093AD84C9C162B550, BDBAB13BA6D369B7F87F721518F7EBD4B14D85B80BCC1E37FA929BB77200401B ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:19:40.0644 0x14b4 NvBackend - ok
14:19:40.0724 0x14b4 [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
14:19:40.0729 0x14b4 iTunesHelper - ok
14:19:40.0890 0x14b4 [ 1248D3C920BFC59FE8B9D1C0808167D7, 8CA1AAA564F0EC5ED8DAEEDE8EF6A5A4B63CBCF030A390ADDDEECD5E03092934 ] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
14:19:41.0022 0x14b4 XFastUsb - ok
14:19:41.0105 0x14b4 [ 629B12D94C228F8C59AD15EB76F02A6E, 2A447A955829CCBBA181205D908166BBAD9993B40EC0B9A5FA0D28334A49B0F6 ] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
14:19:41.0643 0x14b4 CTSyncService - ok
14:19:41.0696 0x14b4 [ 43A4F52F7A38ED9EE0AACA36FE6DAC5D, 1701C050E18E98BB9AD29568B8A50D1F907E6F6EF53520D53EF281B847C5B0C9 ] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
14:19:41.0715 0x14b4 VolPanel - ok
14:19:41.0784 0x14b4 [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:19:41.0785 0x14b4 APSDaemon - ok
14:19:41.0935 0x14b4 [ 3B104EE76B142ECDFCD38ED80F0098A5, EFDB2B48255A2928B13BE922CD40FD18A12102A397036DDF2BE9C2160359695E ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
14:19:41.0975 0x14b4 Nikon Message Center 2 - ok
14:19:42.0101 0x14b4 [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
14:19:42.0105 0x14b4 ArcSoft Connection Service - ok
14:19:42.0173 0x14b4 [ 572024F59132BC3A2AC5E60A6C48D31E, 8BC1BA9BAB555DDF246100A511E9B54FB790F0F871868DCB54B0F83AA9E7306B ] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
14:19:42.0175 0x14b4 CLMLServer - ok
14:19:42.0259 0x14b4 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
14:19:42.0266 0x14b4 UCam_Menu - ok
14:19:42.0329 0x14b4 [ 9D56299FA5C9B3D9E67FF3ACB301139F, 202A0542BEA33C5F78A406EF9479EB7BD42FCBEAC9F49F38F6ECC48554117811 ] C:\Program Files (x86)\lg_fwupdate\lgfw.exe
14:19:42.0330 0x14b4 LGODDFU - ok
14:19:42.0406 0x14b4 [ A2221900B57AEC20577996744FA4A56A, AFEF9176DBA86CDB16A7E84AD0DF6433D4F5865948774FB6B619CBEBEC004592 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
14:19:42.0408 0x14b4 RemoteControl10 - ok
14:19:42.0436 0x14b4 [ DB2E166A95E6BB277F26C86720C6ABC2, 9580244ADDFBB38BC0CD45083AA5F8F3AF2272138DE91421B25838CB0B0F02CE ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
14:19:42.0438 0x14b4 BDRegion - ok
14:19:42.0579 0x14b4 [ 4C8942B8721813E5C8874D47112DCF73, 85869B814417397D92A028CF841FC7B1B41E5D53EFF3470DED664484709C9FBA ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
14:19:42.0610 0x14b4 LightScribe Control Panel - ok
14:19:42.0629 0x14b4 [ 7E6ACA6B6C89B7CD098944A9159DAED3, 31AAF03FEC04021D9A4BE249815DDD485BDEBE0BF3C9311B10E954BDE9A5EA13 ] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
14:19:42.0632 0x14b4 TomTomHOME.exe - ok
14:19:42.0633 0x14b4 Waiting for KSN requests completion. In queue: 109
14:19:43.0633 0x14b4 Waiting for KSN requests completion. In queue: 109
14:19:44.0633 0x14b4 Waiting for KSN requests completion. In queue: 109
14:19:45.0705 0x14b4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
14:19:45.0747 0x14b4 Win FW state via NFP2: enabled
14:19:48.0206 0x14b4 ============================================================
14:19:48.0206 0x14b4 Scan finished
14:19:48.0206 0x14b4 ============================================================
14:19:48.0214 0x10bc Detected object count: 0
14:19:48.0214 0x10bc Actual detected object count: 0
14:21:04.0703 0x10d4 Deinitialize success
|
|
13.04.2015, 18:51
| #7 |
| /// the machine /// TB-Ausbilder | conhost.exe-Prozess unterbricht ausgewähltes Fenster hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.04.2015, 20:00
| #8 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter ComboFix 15-04-09.01 - Tobias 13.04.2015 20:52:05.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8175.4806 [GMT 2:00]
ausgeführt von:: c:\users\Tobias\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-13 bis 2015-04-13 ))))))))))))))))))))))))))))))
.
.
2015-04-13 18:57 . 2015-04-13 18:57 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-04-13 18:57 . 2015-04-13 18:57 -------- d-----w- c:\users\Gast\AppData\Local\temp
2015-04-13 18:57 . 2015-04-13 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-13 18:57 . 2015-04-13 18:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-13 13:09 . 2015-04-13 13:09 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A577872-CF05-4565-90BE-81356F5BCF10}\offreg.dll
2015-04-13 11:42 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A577872-CF05-4565-90BE-81356F5BCF10}\mpengine.dll
2015-04-12 14:25 . 2015-04-13 11:33 -------- d-----w- c:\users\Tobias\AppData\Roaming\Solvusoft
2015-04-12 14:25 . 2012-10-15 15:02 19888 ----a-w- c:\windows\system32\roboot64.exe
2015-04-11 20:51 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-11 20:47 . 2015-04-11 20:47 -------- d-----w- C:\RegBackup
2015-04-11 20:01 . 2015-04-11 20:01 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2015-04-11 20:01 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-11 20:01 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-11 18:46 . 2015-04-13 12:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-11 18:46 . 2015-04-13 11:36 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-11 18:45 . 2015-04-13 11:34 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-11 18:42 . 2015-04-12 15:49 -------- d-----w- C:\FRST
2015-04-06 13:42 . 2015-04-06 13:42 -------- d-----w- C:\temp
2015-04-06 00:56 . 2015-04-06 00:56 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-06 00:56 . 2015-04-06 00:56 -------- d-s---w- c:\windows\system32\GWX
2015-04-05 17:10 . 2015-04-05 17:10 -------- d-----w- c:\users\Tobias\AppData\Roaming\.mono
2015-04-05 17:10 . 2015-04-05 17:10 -------- d-----w- c:\programdata\.mono
2015-04-05 17:10 . 2015-04-05 17:10 -------- d-----w- c:\users\Tobias\AppData\Local\Colossal Order
2015-04-05 15:42 . 2015-03-25 20:58 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{294825DD-B235-4185-A36D-96B4D3AA9635}\gapaengine.dll
2015-03-25 14:57 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
2015-03-25 14:57 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll
2015-03-25 14:57 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-25 14:57 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
2015-03-25 14:57 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-03-25 14:57 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-25 14:57 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-25 14:57 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-28 03:44 . 2014-06-03 09:42 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2013-12-09 20:14 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-06-03 09:42 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2013-12-09 20:14 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-25 20:58 . 2011-10-11 14:05 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-13 19:41 . 2014-12-23 19:39 2906928 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-03-13 19:41 . 2014-11-19 20:18 16022016 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-03-13 19:41 . 2014-08-19 20:15 18580512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-03-13 19:41 . 2014-08-19 20:15 32114888 ----a-w- c:\windows\system32\nvoglv64.dll
2015-03-13 19:41 . 2014-08-19 20:14 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-03-13 19:41 . 2014-08-19 20:14 3303448 ----a-w- c:\windows\system32\nvapi64.dll
2015-03-12 20:13 . 2013-03-11 12:11 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-03-12 20:13 . 2011-10-31 12:38 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-03-12 20:13 . 2011-10-31 12:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-03-11 22:09 . 2011-09-22 16:43 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 15:14 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-11 15:14 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-11 15:14 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 15:14 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 15:14 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 15:14 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 15:14 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 15:14 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 15:14 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 15:14 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 15:14 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 15:14 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 15:14 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 15:14 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 15:14 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 15:14 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 15:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 15:14 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 15:14 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 15:14 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 15:14 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 15:14 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 15:14 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 15:14 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 15:14 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 15:14 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 15:14 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 15:14 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 15:14 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 15:14 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 15:14 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-03-03 13:17 . 2011-03-21 23:33 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:25 . 2015-03-11 15:12 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-11 15:21 389800 ----a-w- c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 15:21 25021440 ----a-w- c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 15:21 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 15:16 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 15:16 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 15:16 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 15:16 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 15:16 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 15:16 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 15:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 15:16 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 15:16 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 15:16 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 15:21 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 15:21 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 15:21 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 15:21 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 15:21 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 15:21 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 15:21 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 15:21 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 15:21 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 15:21 633856 ----a-w- c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 15:21 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 15:21 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 15:21 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 15:21 6035456 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 15:21 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 15:21 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 15:21 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 15:21 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 15:21 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 15:21 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 15:21 199680 ----a-w- c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 15:21 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 15:21 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 15:21 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 15:21 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 15:21 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 15:21 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 15:21 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 15:21 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 15:21 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 15:21 14398976 ----a-w- c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 15:21 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 15:21 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 15:21 2358784 ----a-w- c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 15:21 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 15:21 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 15:21 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 15:21 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 15:21 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-03-21 4942336]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2013-02-04 27760]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-08-27 78352]
.
c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-2 43382072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe -s [2012-8-15 1609728]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-2-19 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/24 21:58;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz136;cpuz136;c:\users\Tobias\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Tobias\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys;c:\windows\SYSNATIVE\DRIVERS\tclondrv.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK1705;SaiK1705;c:\windows\system32\DRIVERS\SaiK1705.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1705.sys [x]
S3 SaiU1705;SaiU1705;c:\windows\system32\DRIVERS\SaiU1705.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1705.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 88200439
*Deregistered* - 88200439
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-05 21:20 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20 20:24]
.
2015-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core.job
- c:\users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14 19:40]
.
2015-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA.job
- c:\users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14 19:40]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 18:57]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 18:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} -
TCP: DhcpNameServer = 192.168.2.1
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"=hex:51,66,7a,6c,4c,1d,38,12,78,cf,d0,
44,5b,3c,5c,0e,ea,27,54,b2,90,51,f4,7b
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"=hex:51,66,7a,6c,4c,1d,38,12,43,d9,34,
04,c0,87,65,0e,d1,13,a1,8d,1e,85,28,eb
"{04A8DD1A-4754-48FE-A703-99846646EF04}"=hex:51,66,7a,6c,4c,1d,38,12,74,de,bb,
00,66,09,90,0d,d8,15,da,c4,63,18,ab,10
"{553318DA-D010-469E-84B1-496563CAE1C0}"=hex:51,66,7a,6c,4c,1d,38,12,b4,1b,20,
51,22,9e,f0,03,fb,a7,0a,25,66,94,a5,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,
ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{4F3ED5CD-0726-42A9-87F5-D13F3D2976AC}"=hex:51,66,7a,6c,4c,1d,38,12,a3,d6,2d,
4b,14,49,c7,07,f8,e3,92,7f,38,77,32,b8
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:39,e5,ad,74,ae,c6,ce,01
.
[HKEY_USERS\S-1-5-21-2387981973-1238528810-796836218-1000\Software\SecuROM\License information*]
"datasecu"=hex:cb,63,b2,88,8d,11,bf,6a,44,7c,9d,7f,d4,e1,28,57,48,5f,c6,2c,79,
84,9a,66,48,1d,0b,db,30,cc,9f,e8,25,87,61,9a,3c,c6,ec,84,e0,ba,f1,2f,1d,ec,\
"rkeysecu"=hex:03,5a,2e,dc,43,e7,e4,e2,f9,ae,16,f7,f2,57,9b,2c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-13 20:59:05
ComboFix-quarantined-files.txt 2015-04-13 18:59
ComboFix2.txt 2015-04-11 19:57
.
Vor Suchlauf: 27 Verzeichnis(se), 418.149.904.384 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 418.152.644.608 Bytes frei
.
- - End Of File - - 4EAFAB46962FFDED91D1A0625789B8F9
A36C5E4F47E84449FF07ED3517B43A31
|
|
14.04.2015, 10:39
| #9 |
| /// the machine /// TB-Ausbilder | conhost.exe-Prozess unterbricht ausgewähltes Fenster Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.04.2015, 19:40
| #10 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.04.2015 Suchlauf-Zeit: 19:27:22 Logdatei: mbam.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.09.05 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Tobias Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 459756 Verstrichene Zeit: 27 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 Backdoor.Bot, C:\Users\Tobias\Downloads\Windows 7 DreamScene Activator - CHIP-Installer.exe, In Quarantäne, [df9a3c07e8a239fda762adc0c040fe02], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 17/04/2015 um 20:17:59
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Tobias - TOBIAS-PC
# Gestarted von : C:\Users\Tobias\Downloads\AdwCleaner_4.201 (1).exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\Solvusoft
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v7.0.1 (de)
-\\ Google Chrome v42.0.2311.90
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [51545 Bytes] - [25/01/2014 12:26:13]
AdwCleaner[R1].txt - [6475 Bytes] - [25/06/2014 13:53:25]
AdwCleaner[R2].txt - [4393 Bytes] - [11/04/2015 22:34:04]
AdwCleaner[R3].txt - [1037 Bytes] - [17/04/2015 20:17:59]
AdwCleaner[S0].txt - [40510 Bytes] - [25/01/2014 12:26:52]
AdwCleaner[S1].txt - [5985 Bytes] - [25/06/2014 13:56:16]
AdwCleaner[S2].txt - [4312 Bytes] - [11/04/2015 22:36:55]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1274 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Tobias on 17.04.2015 at 20:30:15,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2015 at 20:31:59,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Tobias (administrator) on TOBIAS-PC on 17-04-2015 20:37:19
Running from C:\Users\Tobias\Downloads
Loaded Profiles: Tobias (Available profiles: Tobias)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\Tobias\Downloads\FRST64 (3).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-03-22] (FNet Co., Ltd.)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-02-04] (Bitleader)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-08-27] (cyberlink)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {22633736-B2C9-4843-8EFD-319E1867AE65} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> DefaultScope {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File
Toolbar: HKU\.DEFAULT -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tobias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-09] ()
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\searchplugins\search_the_web.xml [2013-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (GeoGebra) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-09-11]
CHR Extension: (Adblock Plus) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Google Sheets) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-08-27] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-21] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-24] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-05] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-05] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-03-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-03-22] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-25] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2012-02-19] (ITE )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-05] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
S3 TBPanel; No ImagePath
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2011-10-19] (TuneClone Software)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz136; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 20:33 - 2015-04-17 20:34 - 02097664 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (3).exe
2015-04-17 20:31 - 2015-04-17 20:31 - 00000601 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-04-17 20:28 - 2015-04-17 20:28 - 02686254 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT (3).exe
2015-04-17 20:24 - 2015-04-17 20:27 - 00001355 _____ () C:\Users\Tobias\Desktop\Adw.txt
2015-04-17 20:17 - 2015-04-17 20:17 - 02217984 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.201 (1).exe
2015-04-17 19:56 - 2015-04-17 19:56 - 00001316 _____ () C:\Users\Tobias\Desktop\mbam.txt
2015-04-17 19:24 - 2015-04-17 19:26 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-16 17:51 - 2015-04-16 17:51 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-15 11:04 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:04 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:04 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:04 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:04 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 11:04 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:04 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:04 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:04 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:04 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:04 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:04 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 11:04 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:04 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:04 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-15 11:04 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-15 11:04 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-15 11:03 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 11:03 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 11:03 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:03 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:03 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:03 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:03 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:03 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 11:03 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 11:03 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:03 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:03 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:03 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 11:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 11:03 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 11:03 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 11:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 11:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 11:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 11:03 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 11:03 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:03 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:03 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 11:03 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 11:03 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 11:03 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:03 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 11:03 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 11:03 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 11:03 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 11:03 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 11:03 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 11:03 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 11:03 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 11:03 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 11:03 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:03 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 11:03 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 11:03 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 11:03 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 11:03 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 11:03 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 11:03 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:03 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:03 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 11:03 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:03 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 11:03 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 11:03 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 11:03 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 11:03 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 11:03 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 11:03 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 11:03 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:03 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:03 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 11:03 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 11:03 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:03 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-15 11:02 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:02 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:02 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:02 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 11:02 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:02 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:02 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:02 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 11:02 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:02 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:02 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 11:02 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 11:02 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 11:02 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:02 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 11:02 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:02 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 11:02 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 11:02 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:02 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 11:00 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-15 11:00 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-15 10:58 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:58 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:58 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 18:52 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-14 18:49 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 18:49 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 18:33 - 2015-04-14 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 18:32 - 2015-04-14 18:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-14 18:32 - 2015-04-14 18:33 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 18:32 - 2015-04-14 18:32 - 00000000 ____D () C:\Program Files\iPod
2015-04-14 18:32 - 2015-04-14 18:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-14 18:25 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-14 18:25 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-14 18:25 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-14 18:25 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-14 18:25 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-14 18:25 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-14 18:25 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-14 18:25 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-14 18:25 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-04-14 18:25 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-04-14 18:25 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-14 18:25 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-14 18:25 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-14 18:25 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-14 18:25 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-14 18:22 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-14 18:22 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-14 18:22 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-13 20:59 - 2015-04-13 20:59 - 00038693 _____ () C:\ComboFix.txt
2015-04-13 20:50 - 2015-04-13 20:50 - 05617275 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2015-04-13 20:50 - 2015-04-13 20:50 - 05617275 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2015-04-13 20:45 - 2015-04-13 20:47 - 05617275 ____N (Swearware) C:\Users\Tobias\Downloads\ComboFix (1).exe
2015-04-13 14:15 - 2015-04-13 14:17 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Downloads\tdsskiller (1).exe
2015-04-13 13:32 - 2015-04-13 13:34 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.09.1.1004 (1).exe
2015-04-12 17:49 - 2015-04-12 17:49 - 00058161 _____ () C:\Users\Tobias\Desktop\Addition.txt
2015-04-12 17:49 - 2015-04-12 17:49 - 00052435 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (2).exe
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64 (2).exe
2015-04-12 16:44 - 2015-04-12 16:44 - 00000000 ____D () C:\Users\Tobias\Desktop\Neuer Ordner
2015-04-12 16:43 - 2015-04-12 16:43 - 00380416 _____ () C:\Users\Tobias\Downloads\Gmer-19357.exe
2015-04-12 16:40 - 2015-04-12 16:40 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (1).exe
2015-04-12 16:38 - 2015-04-12 16:39 - 00000246 _____ () C:\Users\Tobias\Downloads\defogger_enable.log
2015-04-12 16:37 - 2015-04-12 16:39 - 00000474 _____ () C:\Users\Tobias\Downloads\defogger_disable.log
2015-04-12 16:37 - 2015-04-12 16:37 - 00050477 _____ () C:\Users\Tobias\Downloads\Defogger.exe
2015-04-12 16:24 - 2015-04-12 16:25 - 03894696 _____ (solvusoft Corporation ) C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe
2015-04-11 22:47 - 2015-04-11 22:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOBIAS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-11 22:47 - 2015-04-11 22:47 - 00000000 ____D () C:\RegBackup
2015-04-11 22:46 - 2015-04-11 22:47 - 02686959 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT (2).exe
2015-04-11 22:33 - 2015-04-11 22:33 - 02217984 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.201.exe
2015-04-11 22:01 - 2015-04-17 19:26 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 22:01 - 2015-04-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-04-17 19:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 22:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 21:59 - 2015-04-11 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 21:35 - 2015-04-13 20:59 - 00000000 ____D () C:\Qoobox
2015-04-11 21:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 21:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 21:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 21:34 - 2015-04-11 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 21:30 - 2015-04-11 21:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Downloads\tdsskiller.exe
2015-04-11 20:46 - 2015-04-17 19:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 20:46 - 2015-04-13 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 20:45 - 2015-04-13 14:14 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-04-11 20:45 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 20:44 - 2015-04-11 20:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.09.1.1004.exe
2015-04-11 20:43 - 2015-04-11 20:43 - 00065554 _____ () C:\Users\Tobias\Downloads\Addition.txt
2015-04-11 20:42 - 2015-04-17 20:37 - 00029233 _____ () C:\Users\Tobias\Downloads\FRST.txt
2015-04-11 20:42 - 2015-04-17 20:37 - 00000000 ____D () C:\FRST
2015-04-11 20:41 - 2015-04-11 20:41 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2015-04-08 02:02 - 2015-04-08 02:02 - 00307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 00000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-04-06 15:42 - 2015-04-06 15:42 - 00000000 ____D () C:\temp
2015-04-06 15:40 - 2015-04-09 02:58 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-06 15:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.mono
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Colossal Order
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\.mono
2015-04-05 18:33 - 2015-04-05 18:33 - 00000222 _____ () C:\Users\Tobias\Desktop\Cities Skylines.url
2015-03-25 23:03 - 2015-03-25 23:03 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 2
2015-03-25 23:02 - 2015-03-25 23:02 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 1
2015-03-23 19:24 - 2015-03-23 19:24 - 00000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 20:37 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:37 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:26 - 2011-10-12 21:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{19B58C30-1D25-4CDA-88D5-F3956277D39E}
2015-04-17 20:26 - 2011-09-05 02:36 - 01149854 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 20:23 - 2014-08-28 20:35 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-04-17 20:23 - 2014-08-28 20:01 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-04-17 20:23 - 2014-05-20 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 20:22 - 2013-02-04 17:14 - 00000343 _____ () C:\Windows\lgfwup.ini
2015-04-17 20:21 - 2013-02-04 17:14 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-04-17 20:21 - 2012-02-19 20:13 - 00000098 _____ () C:\monitor.log
2015-04-17 20:21 - 2012-02-14 22:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 20:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 20:21 - 2009-07-14 06:51 - 00272642 _____ () C:\Windows\setupact.log
2015-04-17 20:20 - 2014-01-25 12:26 - 00000000 ____D () C:\AdwCleaner
2015-04-17 20:20 - 2011-03-22 02:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-17 20:20 - 2011-03-22 01:45 - 00744610 _____ () C:\Windows\PFRO.log
2015-04-17 20:19 - 2012-02-14 22:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 20:02 - 2009-07-14 19:58 - 00701134 _____ () C:\Windows\system32\perfh007.dat
2015-04-17 20:02 - 2009-07-14 19:58 - 00150314 _____ () C:\Windows\system32\perfc007.dat
2015-04-17 20:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 19:22 - 2012-06-05 19:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-17 18:46 - 2012-08-14 21:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA.job
2015-04-16 21:46 - 2012-08-14 21:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core.job
2015-04-16 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:45 - 2014-12-10 20:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:45 - 2014-04-30 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 00:11 - 2011-09-20 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 00:10 - 2011-09-20 19:17 - 01597976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 00:07 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:58 - 2011-09-22 18:43 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 16:24 - 2014-05-20 16:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:24 - 2014-05-20 16:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 16:24 - 2011-09-20 16:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:21 - 2013-11-07 15:00 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 09:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-14 18:53 - 2012-11-19 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-14 18:33 - 2014-05-20 17:04 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 18:32 - 2014-05-21 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-13 20:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 16:46 - 2011-09-06 20:12 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps
2015-04-12 16:39 - 2011-09-04 19:48 - 00000000 ____D () C:\Users\Tobias
2015-04-11 22:37 - 2014-06-23 14:05 - 00000000 ____D () C:\Windows\system32\log
2015-04-11 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-11 21:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 21:47 - 2012-08-20 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\convert
2015-04-11 20:46 - 2014-01-25 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 12:43 - 2014-08-28 20:35 - 00001029 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2015-04-10 12:43 - 2014-08-28 20:05 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 03:08 - 2012-08-14 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-04-09 02:58 - 2014-11-19 22:18 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2014-08-19 22:15 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-09 02:58 - 2014-08-19 22:15 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2014-08-19 22:14 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2014-08-19 22:14 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2011-01-13 23:02 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 23:30 - 2011-01-13 23:01 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 19:52 - 2012-11-18 23:45 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-07 18:16 - 2014-03-31 21:44 - 00011950 _____ () C:\Users\Tobias\Documents\TombRaider.log
2015-04-06 15:41 - 2011-03-22 02:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-05 22:34 - 2013-09-02 15:19 - 00001383 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 05:44 - 2014-06-03 11:42 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-09 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-03 11:42 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-09 22:14 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-23 22:22 - 2012-01-03 20:55 - 00000000 ____D () C:\Users\Tobias\Documents\Schule
2015-03-23 20:25 - 2012-06-23 22:24 - 00000000 ____D () C:\Users\Tobias\.gimp-2.8
2015-03-23 15:04 - 2015-02-06 15:16 - 00001247 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-23 15:04 - 2015-02-06 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-23 15:04 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-23 15:02 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-23 15:02 - 2011-11-14 17:02 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\DVDVideoSoft
==================== Files in the root of some directories =======
2013-08-13 23:25 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT3D69.tmp
2013-08-13 23:31 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT7CF8.tmp
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\BookService
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Booms
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Breath Pad
2014-05-27 21:59 - 2014-08-31 21:29 - 14155776 _____ () C:\Users\Tobias\AppData\Roaming\Sandra.mdb
2013-08-15 17:14 - 2014-01-25 02:14 - 0000179 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2013-08-17 01:14 - 2014-01-03 01:49 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-08-15 17:14 - 2014-01-25 02:14 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-TTL.DAT
2015-04-08 02:02 - 2015-04-08 02:02 - 0307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 0000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-03-23 19:24 - 2015-03-23 19:24 - 0000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
2011-09-04 23:16 - 2014-12-17 17:01 - 0007622 _____ () C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bundle
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\CIOSupport
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Clips
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Colors
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\ColorSync
2014-12-07 12:14 - 2015-02-02 00:03 - 0003868 _____ () C:\ProgramData\flcd_proxy.log
2011-12-25 01:00 - 2012-01-10 18:05 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-12-25 01:00 - 2012-07-30 11:35 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-12-25 01:00 - 2011-12-25 01:00 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgmfcbk.dll
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-15 18:46
==================== End Of Log ============================
--- --- --- --- --- --- Zudem habe ich festgestellt, dass dieses Problem oft beim starten vom Spiel Isaac Rebirth entsteht. |
|
18.04.2015, 19:45
| #11 |
| /// the machine /// TB-Ausbilder | conhost.exe-Prozess unterbricht ausgewähltes Fenster Spiel neu installieren. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.04.2015, 13:06
| #12 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f6e500feb048448b5fada6a75dfd87f
# engine=23474
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-20 05:09:19
# local_time=2015-04-20 07:09:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5862188 123730969 0 0
# scanned=217694
# found=70
# cleaned=0
# scan_time=8714
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=F4687F26FB5F90F12B444867597F3C32F765B35F ft=1 fh=512b5a55375d865d vn="Win32/Toolbar.Conduit.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\DVDvideoSoft_2.0ToolbarHelper1.exe.vir"
sh=1B37BEC7610109F594112CFB3D31145270C9B448 ft=1 fh=40977a3eb07e85f1 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hk64tbDVD0.dll.vir"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hk64tbDVDv.dll.vir"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hktbDVD0.dll.vir"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hktbDVDv.dll.vir"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\ldrtbDVD0.dll.vir"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\ldrtbDVDv.dll.vir"
sh=0B45EC8E2036288E625AE32992123A2D5671BF64 ft=1 fh=fead49227adafa68 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVD0.dll.vir"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll.vir"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\tbDVD0.dll.vir"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\tbDVDv.dll.vir"
sh=22F68386A23A0857CB2E5051663F8F137C56A41E ft=1 fh=e72604c0c30fc4aa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=7955D4D408EB3BBEE6A1E6D83411BA2E2307618B ft=1 fh=897e4b8880d16df5 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir"
sh=64F47A7189337A93E0CA4ABA2CA541BFC2EE0703 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"
sh=D941B5F95177A5E3EDAC37ACB17EE8ADE5128DC1 ft=1 fh=090bc512018acff9 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="Variante von Win32/Conduit.SearchProtect.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir"
sh=77448BD92178191EF5A4D6A6A0A7FB1B8B45F3B8 ft=1 fh=270e4b58be3d8987 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir"
sh=8202466E1DE3A815AB172AFF4383E4BD94278DCF ft=1 fh=89f70014390bbe76 vn="Win32/Conduit.SearchProtect.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\uninstall.exe.vir"
sh=066797D487BA448FB1D401E34564FB93E2B2D910 ft=1 fh=e79164173f74db79 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\ldrtbWinl.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\prxtbWinl.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\tbWinl.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\WinloadToolbarHelper.exe.vir"
sh=813F99C162730B22A391A287FA9BA6A954C2977C ft=1 fh=545f8627a3352333 vn="Variante von Win32/Adware.Yontoo.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=AEC860E4CDE64D747F215B83C8DE70EE0EBCB3A0 ft=1 fh=cde73a4bb58c0fe9 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=BACADE5603A6B6124DAC4F95C23701D820861DDC ft=1 fh=c71c0011b4f86534 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=69FDC602A51E52C603F23A80E9B087C262DCE940 ft=1 fh=cab0049ca6613a48 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=E6BD8F5EFE24CF921209AE0C2A2E5BEFBE8ACEDE ft=1 fh=f5839ea66906a236 vn="Win32/Toolbar.Conduit.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT3279453\DVDvideoSoft_2.0AutoUpdateHelper.exe.vir"
sh=CE89DB7BD06670FD77A7C1B37FF1A66BB99DF770 ft=1 fh=0247e0c60ea383d8 vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\DownloadGuide\Offers\iminent.exe.vir"
sh=BC3FA2DCDDD091098D7558A2D635CEF5F1CDC155 ft=1 fh=913ecbdb09133521 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\DownloadGuide\Offers\plushd.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\genienext\nengine.dll.vir"
sh=2F39F8CC73B4EC9E16BCA258A7A71EA96FB129F3 ft=1 fh=233e7f8288e2ee97 vn="Variante von Win32/Amonetize.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Temp\OCS\ocs_v71.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
sh=B0C94A0205BBCBAA960B9086B15A4CC1BF476042 ft=1 fh=c4ae5d8c6ae6fa38 vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
sh=6142FBC4611F4F940427987193EEDDA221D332A7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome\nch_en.jar.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=122D3A31E6DE61FFF658BC1A6A30BB4084869D4F ft=1 fh=d875ea997b1c8376 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Snz\Snz.exe.vir"
sh=C307169B03CEC17E4D612431FEC97D8966F4C636 ft=1 fh=a38c5df5482fc9b8 vn="Variante von Win32/Toolbar.Conduit.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\ValueApps\CH\TBVerifier.dll.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=DAD6859391272695248C3D34F72FB3FBA00F05FD ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\bberg\Susanne B\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLQF4H6N\bildungswerk-haeuser[1].htm"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f6e500feb048448b5fada6a75dfd87f
# engine=23474
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-21 12:01:26
# local_time=2015-04-21 02:01:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5926515 123798896 0 0
# scanned=554199
# found=132
# cleaned=0
# scan_time=67818
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=F4687F26FB5F90F12B444867597F3C32F765B35F ft=1 fh=512b5a55375d865d vn="Win32/Toolbar.Conduit.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\DVDVideoSoftTB_DEToolbarHelper.exe.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\ldrtbDVDV.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB_DE\tbDVDV.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\DVDvideoSoft_2.0ToolbarHelper1.exe.vir"
sh=1B37BEC7610109F594112CFB3D31145270C9B448 ft=1 fh=40977a3eb07e85f1 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hk64tbDVD0.dll.vir"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hk64tbDVDv.dll.vir"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hktbDVD0.dll.vir"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\hktbDVDv.dll.vir"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\ldrtbDVD0.dll.vir"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\ldrtbDVDv.dll.vir"
sh=0B45EC8E2036288E625AE32992123A2D5671BF64 ft=1 fh=fead49227adafa68 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVD0.dll.vir"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll.vir"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\tbDVD0.dll.vir"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDvideoSoft_2.0\tbDVDv.dll.vir"
sh=22F68386A23A0857CB2E5051663F8F137C56A41E ft=1 fh=e72604c0c30fc4aa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=7955D4D408EB3BBEE6A1E6D83411BA2E2307618B ft=1 fh=897e4b8880d16df5 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir"
sh=64F47A7189337A93E0CA4ABA2CA541BFC2EE0703 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"
sh=D941B5F95177A5E3EDAC37ACB17EE8ADE5128DC1 ft=1 fh=090bc512018acff9 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="Variante von Win32/Conduit.SearchProtect.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir"
sh=77448BD92178191EF5A4D6A6A0A7FB1B8B45F3B8 ft=1 fh=270e4b58be3d8987 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="Variante von Win32/Conduit.SearchProtect.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir"
sh=8202466E1DE3A815AB172AFF4383E4BD94278DCF ft=1 fh=89f70014390bbe76 vn="Win32/Conduit.SearchProtect.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\uninstall.exe.vir"
sh=066797D487BA448FB1D401E34564FB93E2B2D910 ft=1 fh=e79164173f74db79 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\ldrtbWinl.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\prxtbWinl.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\tbWinl.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\WinloadToolbarHelper.exe.vir"
sh=813F99C162730B22A391A287FA9BA6A954C2977C ft=1 fh=545f8627a3352333 vn="Variante von Win32/Adware.Yontoo.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=AEC860E4CDE64D747F215B83C8DE70EE0EBCB3A0 ft=1 fh=cde73a4bb58c0fe9 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=BACADE5603A6B6124DAC4F95C23701D820861DDC ft=1 fh=c71c0011b4f86534 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=69FDC602A51E52C603F23A80E9B087C262DCE940 ft=1 fh=cab0049ca6613a48 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe.vir"
sh=E6BD8F5EFE24CF921209AE0C2A2E5BEFBE8ACEDE ft=1 fh=f5839ea66906a236 vn="Win32/Toolbar.Conduit.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Conduit\CT3279453\DVDvideoSoft_2.0AutoUpdateHelper.exe.vir"
sh=CE89DB7BD06670FD77A7C1B37FF1A66BB99DF770 ft=1 fh=0247e0c60ea383d8 vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\DownloadGuide\Offers\iminent.exe.vir"
sh=BC3FA2DCDDD091098D7558A2D635CEF5F1CDC155 ft=1 fh=913ecbdb09133521 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\DownloadGuide\Offers\plushd.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\genienext\nengine.dll.vir"
sh=2F39F8CC73B4EC9E16BCA258A7A71EA96FB129F3 ft=1 fh=233e7f8288e2ee97 vn="Variante von Win32/Amonetize.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Local\Temp\OCS\ocs_v71.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
sh=B0C94A0205BBCBAA960B9086B15A4CC1BF476042 ft=1 fh=c4ae5d8c6ae6fa38 vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
sh=6142FBC4611F4F940427987193EEDDA221D332A7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome\nch_en.jar.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=122D3A31E6DE61FFF658BC1A6A30BB4084869D4F ft=1 fh=d875ea997b1c8376 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Snz\Snz.exe.vir"
sh=C307169B03CEC17E4D612431FEC97D8966F4C636 ft=1 fh=a38c5df5482fc9b8 vn="Variante von Win32/Toolbar.Conduit.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\ValueApps\CH\TBVerifier.dll.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=DAD6859391272695248C3D34F72FB3FBA00F05FD ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\bberg\Susanne B\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLQF4H6N\bildungswerk-haeuser[1].htm"
sh=6EDA4285A495C1A690CDD9A93BD440DCB275C970 ft=1 fh=6cd9e736b83741ee vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDFCreator\message.exe"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=03211D12CD41802DF2EC6AA54AB53085378AF041 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir"
sh=FC91E80B0210B099F6D027EC2F62F27DDD5E70C1 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\extensions\staged\hlc-5oioe@wqbpwpyiui.net\content\bg.js.vir"
sh=AE4FEF90B79EC983B36A06AEF027DAAB7434F948 ft=0 fh=0000000000000000 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi"
sh=9FC27D35536A004A97C12A04B70F4632BFACB4AD ft=1 fh=474950f6a59a9bec vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Desktop\Sonstige\FreeYouTubeDownload-3.0.16.exe"
sh=71E0591D87546EA9D90D5A131CEFE2AD0B1F0FDF ft=1 fh=a4487f4ca2eca410 vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup (1).exe"
sh=A6477595AA305A7F3AC677E8FCDABE627D220155 ft=1 fh=289f021ea2eca410 vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup.exe"
sh=7D024F4DC532137A0A0DF80D68D51219FFC0A8BE ft=1 fh=6d5190999455e22b vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Battlefield-3-Demo-Setup.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\cbsidlm-cbsi176-Speedy_Eggbert-ORG-10560307.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Speedy_Eggbert-SEO-10560307.exe"
sh=D7BD71F8AAB003F6F7F1CBAB397079C3E6C6AE60 ft=1 fh=bb1f3b8f7f290435 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\cnet2_teamarenademo_exe.exe"
sh=71E62C2711AD1043D2DDE76ADC0A53C9652A3A09 ft=1 fh=1d82a577fbc1c31f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\cod2demo.exe"
sh=FD2E6A96D8D1CED3EADE5678809B526723DC0BA6 ft=1 fh=f0c5bbdf39576248 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\CPU Z - CHIP-Downloader.exe"
sh=E9ADBE0526FFA374216D542E0D602E5533482114 ft=1 fh=df26b92e9b512772 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\debutsetup.exe"
sh=ADF4B1ABD11130539A2D8DA9DDE39A63D9E07C86 ft=1 fh=e1af97ffad0e8393 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\dffsetup-openal32.exe"
sh=F4143930A9D59D4CA226F932B133016194672569 ft=1 fh=d338ea0cbdaaf16d vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Driver--San-Francisco-Demo-Setup.exe"
sh=7336EEB27416A7F6A03F92979BCC619CF550EBBD ft=1 fh=32ad90c470794ca7 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\free-system-utilities-DE.exe"
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (1).exe"
sh=F7260CE69E39008609AC6570C2013A39315C46F5 ft=1 fh=c8129b0266621a88 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (3).exe"
sh=3308BEBA5E02E49A1363583BB8CEA8AAA26B9D85 ft=1 fh=7b4073d88eb8119f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter.exe"
sh=C2BD463845CFF168315094CEE59883A98D38BB04 ft=1 fh=c904b112d3bd37a6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter31121.exe"
sh=C94774E2CE0D3860F9E85EF69CACEE0684FE1D26 ft=1 fh=172f91202e4e5736 vn="Variante von Win32/Toolbar.SearchSuite.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\iMeshV11.exe"
sh=AC0B1A9671E97AAC7488943067EB0DA908C6E7A3 ft=1 fh=768d3b64a5316dfa vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\IminentSetup{0.26buILVP}.exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\PDFCreator-1_6_2_2_setup.exe"
sh=6125BDBFABC8EAE425A864FEF8A3D92485C665EC ft=1 fh=49cc905e7ef5ec1b vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\powersuite.exe"
sh=53E52C4F37F0B5F708514C6813F2437ECEBBE9FE ft=1 fh=a21368a93e64f196 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\rcpsetup_addon2vb.exe"
sh=CFBF06CF4F0A05EBF67AB927286AD2EA58E8CB11 ft=1 fh=ae37f404072bc5e8 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="C:\Users\Tobias\Downloads\setup (1).exe"
sh=CFBF06CF4F0A05EBF67AB927286AD2EA58E8CB11 ft=1 fh=ae37f404072bc5e8 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="C:\Users\Tobias\Downloads\setup (2).exe"
sh=CFBF06CF4F0A05EBF67AB927286AD2EA58E8CB11 ft=1 fh=ae37f404072bc5e8 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="C:\Users\Tobias\Downloads\setup (3).exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe"
sh=385C541C20BD5BE0A40065F448C837B25FEE63FA ft=1 fh=304a4de85ffef59b vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\ShareazaV8de.exe"
sh=F4514643C87B0EA336E4E552C72D3B102B855B63 ft=1 fh=f532746a3f5db6fe vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Singles-Flirt-Up-Your-Life.exe"
sh=A974747FEC79BBCBCED1D9F599E89CF15557098F ft=1 fh=1e2c726d3474ac28 vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\SinglesSetup-dm.exe"
sh=C961047CE2287553F7612E73EC54A310701029F6 ft=1 fh=8c5411acd6ecd7bb vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\slow-pcfighter_Web.exe"
sh=D0A2B41E6FEA5EB228CAB9A38B4B8A34C357C0B7 ft=1 fh=ec4fc7b231155bd5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Typing of the Dead - CHIP-Installer.exe"
sh=AD5E8C9719C112E9C50FFED13530FFA1AF8031A5 ft=0 fh=0000000000000000 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Uniblue Power Suite 2011 (1).rar"
sh=AD5E8C9719C112E9C50FFED13530FFA1AF8031A5 ft=0 fh=0000000000000000 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Uniblue Power Suite 2011.rar"
sh=0CB4F7775DC3A1963637C6ED953C51A4F204E659 ft=0 fh=0000000000000000 vn="Variante von Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011 (1).rar"
sh=0CB4F7775DC3A1963637C6ED953C51A4F204E659 ft=0 fh=0000000000000000 vn="Variante von Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011.rar"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Unlocker1.9.1-x64.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Unlocker1.9.1.exe"
sh=F7164A6FE89A03D6934D473EE6D7CFD8BE263027 ft=1 fh=4d817b2c00942d08 vn="Variante von Win32/InstallCore.AG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\VideoConverterSetup (1).exe"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll"
|
|
21.04.2015, 13:18
| #13 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java-Editor 12.2, 2013.10.2
Java version 32-bit out of Date!
Adobe Reader XI
Mozilla Firefox (7.0.1)
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Tobias (administrator) on TOBIAS-PC on 21-04-2015 14:13:44
Running from C:\Users\Tobias\Downloads
Loaded Profiles: Tobias (Available profiles: Tobias)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(ITE Tech. Inc.) C:\Windows\System32\IRMonitor.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Macrovision Europe Ltd.) C:\Users\Tobias\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.243\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.27\deploy\LoLPatcher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.140\deploy\LolClient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Tobias\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Tobias\Downloads\FRST64 (4).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-03-22] (FNet Co., Ltd.)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-02-04] (Bitleader)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-08-27] (cyberlink)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2012-08-15]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2012-02-19]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2387981973-1238528810-796836218-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {22633736-B2C9-4843-8EFD-319E1867AE65} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> DefaultScope {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {5ED137D3-8CB5-4F0B-95C8-747231816CD2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> {9760B4B3-1E0E-4b7b-A342-C5FCA4FC60A3} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File
Toolbar: HKU\.DEFAULT -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2387981973-1238528810-796836218-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tobias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-2387981973-1238528810-796836218-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-09] ()
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\searchplugins\search_the_web.xml [2013-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (GeoGebra) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-09-11]
CHR Extension: (Adblock Plus) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Google Sheets) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKU\S-1-5-21-2387981973-1238528810-796836218-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Tobias\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-08-27] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-21] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-24] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-22] (Creative Labs) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-05] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-03-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-03-22] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-25] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2012-02-19] (ITE )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-05] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
S3 TBPanel; No ImagePath
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2011-10-19] (TuneClone Software)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz136; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 14:13 - 2015-04-21 14:13 - 02099712 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (4).exe
2015-04-21 14:06 - 2015-04-21 14:06 - 00852616 _____ () C:\Users\Tobias\Downloads\SecurityCheck.exe
2015-04-20 19:09 - 2015-04-20 19:10 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_deu (2).exe
2015-04-20 16:39 - 2015-04-20 16:39 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_deu (1).exe
2015-04-20 16:39 - 2015-04-20 16:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-17 20:33 - 2015-04-17 20:34 - 02097664 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (3).exe
2015-04-17 20:31 - 2015-04-17 20:31 - 00000601 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-04-17 20:28 - 2015-04-17 20:28 - 02686254 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT (3).exe
2015-04-17 20:24 - 2015-04-17 20:27 - 00001355 _____ () C:\Users\Tobias\Desktop\Adw.txt
2015-04-17 20:17 - 2015-04-17 20:17 - 02217984 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.201 (1).exe
2015-04-17 19:56 - 2015-04-17 19:56 - 00001316 _____ () C:\Users\Tobias\Desktop\mbam.txt
2015-04-17 19:24 - 2015-04-17 19:26 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-16 17:51 - 2015-04-16 17:51 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-15 11:04 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:04 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:04 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:04 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:04 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:04 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:04 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 11:04 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:04 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:04 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:04 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:04 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:04 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:04 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:04 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 11:04 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:04 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:04 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-15 11:04 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-15 11:04 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-15 11:03 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 11:03 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 11:03 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:03 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:03 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:03 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:03 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:03 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:03 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:03 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 11:03 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 11:03 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:03 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:03 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:03 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 11:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 11:03 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 11:03 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 11:03 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 11:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 11:03 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 11:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 11:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 11:03 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 11:03 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:03 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:03 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:03 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 11:03 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 11:03 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 11:03 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:03 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 11:03 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 11:03 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 11:03 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 11:03 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 11:03 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 11:03 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 11:03 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 11:03 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 11:03 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:03 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 11:03 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 11:03 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 11:03 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 11:03 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 11:03 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 11:03 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:03 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:03 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 11:03 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:03 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 11:03 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 11:03 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 11:03 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 11:03 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 11:03 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 11:03 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 11:03 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:03 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:03 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 11:03 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 11:03 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:03 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-15 11:02 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:02 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:02 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:02 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 11:02 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:02 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:02 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:02 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 11:02 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:02 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:02 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 11:02 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 11:02 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 11:02 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:02 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 11:02 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:02 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 11:02 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 11:02 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:02 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 11:00 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-15 11:00 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-15 10:58 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:58 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:58 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 18:52 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-14 18:49 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 18:49 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 18:49 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 18:33 - 2015-04-14 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 18:32 - 2015-04-14 18:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-14 18:32 - 2015-04-14 18:33 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 18:32 - 2015-04-14 18:32 - 00000000 ____D () C:\Program Files\iPod
2015-04-14 18:32 - 2015-04-14 18:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-14 18:25 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-14 18:25 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-14 18:25 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-14 18:25 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-14 18:25 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-14 18:25 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-14 18:25 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-14 18:25 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-14 18:25 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-04-14 18:25 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-04-14 18:25 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-14 18:25 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-14 18:25 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-14 18:25 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-14 18:25 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-14 18:22 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-14 18:22 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-14 18:22 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-13 20:59 - 2015-04-13 20:59 - 00038693 _____ () C:\ComboFix.txt
2015-04-13 20:50 - 2015-04-13 20:50 - 05617275 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2015-04-13 20:50 - 2015-04-13 20:50 - 05617275 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2015-04-13 20:45 - 2015-04-13 20:47 - 05617275 ____N (Swearware) C:\Users\Tobias\Downloads\ComboFix (1).exe
2015-04-13 14:15 - 2015-04-13 14:17 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Downloads\tdsskiller (1).exe
2015-04-13 13:32 - 2015-04-13 13:34 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.09.1.1004 (1).exe
2015-04-12 17:49 - 2015-04-12 17:49 - 00058161 _____ () C:\Users\Tobias\Desktop\Addition.txt
2015-04-12 17:49 - 2015-04-12 17:49 - 00052435 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (2).exe
2015-04-12 17:48 - 2015-04-12 17:48 - 02096640 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64 (2).exe
2015-04-12 16:44 - 2015-04-12 16:44 - 00000000 ____D () C:\Users\Tobias\Desktop\Neuer Ordner
2015-04-12 16:43 - 2015-04-12 16:43 - 00380416 _____ () C:\Users\Tobias\Downloads\Gmer-19357.exe
2015-04-12 16:40 - 2015-04-12 16:40 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64 (1).exe
2015-04-12 16:38 - 2015-04-12 16:39 - 00000246 _____ () C:\Users\Tobias\Downloads\defogger_enable.log
2015-04-12 16:37 - 2015-04-12 16:39 - 00000474 _____ () C:\Users\Tobias\Downloads\defogger_disable.log
2015-04-12 16:37 - 2015-04-12 16:37 - 00050477 _____ () C:\Users\Tobias\Downloads\Defogger.exe
2015-04-12 16:24 - 2015-04-12 16:25 - 03894696 _____ (solvusoft Corporation ) C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe
2015-04-11 22:47 - 2015-04-11 22:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOBIAS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-11 22:47 - 2015-04-11 22:47 - 00000000 ____D () C:\RegBackup
2015-04-11 22:46 - 2015-04-11 22:47 - 02686959 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT (2).exe
2015-04-11 22:33 - 2015-04-11 22:33 - 02217984 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.201.exe
2015-04-11 22:01 - 2015-04-17 19:26 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 22:01 - 2015-04-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-04-17 19:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-11 22:01 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 22:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 21:59 - 2015-04-11 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 21:35 - 2015-04-13 20:59 - 00000000 ____D () C:\Qoobox
2015-04-11 21:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 21:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 21:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 21:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 21:34 - 2015-04-11 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 21:30 - 2015-04-11 21:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Downloads\tdsskiller.exe
2015-04-11 20:46 - 2015-04-17 19:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 20:46 - 2015-04-13 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 20:45 - 2015-04-13 14:14 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-04-11 20:45 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 20:44 - 2015-04-11 20:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.09.1.1004.exe
2015-04-11 20:43 - 2015-04-11 20:43 - 00065554 _____ () C:\Users\Tobias\Downloads\Addition.txt
2015-04-11 20:42 - 2015-04-21 14:13 - 00033912 _____ () C:\Users\Tobias\Downloads\FRST.txt
2015-04-11 20:42 - 2015-04-21 14:13 - 00000000 ____D () C:\FRST
2015-04-11 20:41 - 2015-04-11 20:41 - 02095616 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2015-04-08 02:02 - 2015-04-08 02:02 - 00307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 00000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-04-06 15:42 - 2015-04-06 15:42 - 00000000 ____D () C:\temp
2015-04-06 15:40 - 2015-04-09 02:58 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-06 15:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 15:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 02:56 - 2015-04-06 02:56 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.mono
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Colossal Order
2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\.mono
2015-04-05 18:33 - 2015-04-05 18:33 - 00000222 _____ () C:\Users\Tobias\Desktop\Cities Skylines.url
2015-03-25 23:03 - 2015-03-25 23:03 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 2
2015-03-25 23:02 - 2015-03-25 23:02 - 00000000 ____D () C:\Users\Tobias\Desktop\2015-03-25 Scan 1
2015-03-23 19:24 - 2015-03-23 19:24 - 00000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 14:14 - 2012-06-05 19:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-21 13:44 - 2011-09-05 02:36 - 01335401 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 13:28 - 2014-05-20 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 13:28 - 2012-08-14 21:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000UA.job
2015-04-21 13:28 - 2012-02-14 22:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 23:42 - 2011-10-12 21:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{19B58C30-1D25-4CDA-88D5-F3956277D39E}
2015-04-20 21:46 - 2012-08-14 21:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387981973-1238528810-796836218-1000Core.job
2015-04-20 18:19 - 2012-02-14 22:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 13:57 - 2011-09-06 20:12 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps
2015-04-20 13:45 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 13:45 - 2009-07-14 06:45 - 00023520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 13:32 - 2014-08-28 20:35 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-04-20 13:31 - 2014-08-28 20:01 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-04-20 13:30 - 2013-02-04 17:14 - 00000344 _____ () C:\Windows\lgfwup.ini
2015-04-20 13:30 - 2013-02-04 17:14 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-04-20 13:29 - 2012-02-19 20:13 - 00000048 _____ () C:\monitor.log
2015-04-20 13:29 - 2011-03-22 02:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-20 13:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 13:29 - 2009-07-14 06:51 - 00273482 _____ () C:\Windows\setupact.log
2015-04-18 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 20:20 - 2014-01-25 12:26 - 00000000 ____D () C:\AdwCleaner
2015-04-17 20:20 - 2011-03-22 01:45 - 00744610 _____ () C:\Windows\PFRO.log
2015-04-17 20:02 - 2009-07-14 19:58 - 00701134 _____ () C:\Windows\system32\perfh007.dat
2015-04-17 20:02 - 2009-07-14 19:58 - 00150314 _____ () C:\Windows\system32\perfc007.dat
2015-04-17 20:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:45 - 2014-12-10 20:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:45 - 2014-04-30 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 00:11 - 2011-09-20 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 00:10 - 2011-09-20 19:17 - 01597976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 00:07 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:58 - 2011-09-22 18:43 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 16:24 - 2014-05-20 16:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:24 - 2014-05-20 16:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 16:24 - 2011-09-20 16:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:21 - 2013-11-07 15:00 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 09:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-14 18:53 - 2012-11-19 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-14 18:33 - 2014-05-20 17:04 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 18:32 - 2014-05-21 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-13 20:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 16:39 - 2011-09-04 19:48 - 00000000 ____D () C:\Users\Tobias
2015-04-11 22:37 - 2014-06-23 14:05 - 00000000 ____D () C:\Windows\system32\log
2015-04-11 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-11 21:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 21:47 - 2012-08-20 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\convert
2015-04-11 20:46 - 2014-01-25 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 12:43 - 2014-08-28 20:35 - 00001029 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2015-04-10 12:43 - 2014-08-28 20:05 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 03:08 - 2012-08-14 19:35 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-04-09 02:58 - 2014-11-19 22:18 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2014-08-19 22:15 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-09 02:58 - 2014-08-19 22:15 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2014-08-19 22:14 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2014-08-19 22:14 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2011-01-13 23:02 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2011-01-13 23:02 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 23:30 - 2011-01-13 23:01 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 19:52 - 2012-11-18 23:45 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-07 18:16 - 2014-03-31 21:44 - 00011950 _____ () C:\Users\Tobias\Documents\TombRaider.log
2015-04-06 15:41 - 2011-03-22 02:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-05 22:34 - 2013-09-02 15:19 - 00001383 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-28 05:44 - 2014-06-03 11:42 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-09 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-03 11:42 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-09 22:14 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-23 22:22 - 2012-01-03 20:55 - 00000000 ____D () C:\Users\Tobias\Documents\Schule
2015-03-23 20:25 - 2012-06-23 22:24 - 00000000 ____D () C:\Users\Tobias\.gimp-2.8
2015-03-23 15:04 - 2015-02-06 15:16 - 00001247 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-23 15:04 - 2015-02-06 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-23 15:04 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-23 15:02 - 2015-02-06 15:14 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-23 15:02 - 2011-11-14 17:02 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\DVDVideoSoft
==================== Files in the root of some directories =======
2013-08-13 23:25 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT3D69.tmp
2013-08-13 23:31 - 2013-08-13 23:35 - 4188160 _____ () C:\Program Files (x86)\GUT7CF8.tmp
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\BookService
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Booms
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\Users\Tobias\AppData\Roaming\Breath Pad
2014-05-27 21:59 - 2014-08-31 21:29 - 14155776 _____ () C:\Users\Tobias\AppData\Roaming\Sandra.mdb
2013-08-15 17:14 - 2014-01-25 02:14 - 0000179 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2013-08-17 01:14 - 2014-01-03 01:49 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-08-15 17:14 - 2014-01-25 02:14 - 0000005 _____ () C:\Users\Tobias\AppData\Roaming\WBPU-TTL.DAT
2015-04-08 02:02 - 2015-04-08 02:02 - 0307200 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS
2015-04-08 02:02 - 2015-04-08 02:02 - 0000220 _____ () C:\Users\Tobias\AppData\Local\5D515C96_stp.CIS.part
2015-03-23 19:24 - 2015-03-23 19:24 - 0000845 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel
2011-09-04 23:16 - 2014-12-17 17:01 - 0007622 _____ () C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\Bundle
2011-12-25 01:00 - 2011-12-25 01:00 - 0000268 ___RH () C:\ProgramData\CIOSupport
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Clips
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\Colors
2011-12-25 01:00 - 2011-12-25 01:00 - 0000012 ___RH () C:\ProgramData\ColorSync
2014-12-07 12:14 - 2015-02-02 00:03 - 0003868 _____ () C:\ProgramData\flcd_proxy.log
2011-12-25 01:00 - 2012-01-10 18:05 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-12-25 01:00 - 2012-07-30 11:35 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-12-25 01:00 - 2011-12-25 01:00 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp75g0fa.dll
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-15 18:46
==================== End Of Log ============================
--- --- --- --- --- --- Nein ist leider immer noch vorhanden  Geändert von Tobi44718 (21.04.2015 um 13:18 Uhr) Grund: Nein ist leider immer noch vorhanden :( |
|
22.04.2015, 07:30
| #14 |
| /// the machine /// TB-Ausbilder | conhost.exe-Prozess unterbricht ausgewähltes Fenster Java updaten. Und ich würde mal schleunigst mein Downloadverhalten überdenken: CHIP-Installer - was ist das? - Anleitungen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\bberg\Susanne B\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLQF4H6N\bildungswerk-haeuser[1].htm
C:\Program Files (x86)\PDFCreator\message.exe
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\extensions\staged\hlc-5oioe@wqbpwpyiui.net\content\bg.js.vir
C:\Users\Tobias\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
C:\Users\Tobias\Desktop\Sonstige\FreeYouTubeDownload-3.0.16.exe
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup (1).exe
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup.exe
C:\Users\Tobias\Downloads\Battlefield-3-Demo-Setup.exe
C:\Users\Tobias\Downloads\cbsidlm-cbsi176-Speedy_Eggbert-ORG-10560307.exe
C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Speedy_Eggbert-SEO-10560307.exe
C:\Users\Tobias\Downloads\cnet2_teamarenademo_exe.exe
C:\Users\Tobias\Downloads\cod2demo.exe
C:\Users\Tobias\Downloads\CPU Z - CHIP-Downloader.exe
C:\Users\Tobias\Downloads\debutsetup.exe
C:\Users\Tobias\Downloads\dffsetup-openal32.exe
C:\Users\Tobias\Downloads\Driver--San-Francisco-Demo-Setup.exe
C:\Users\Tobias\Downloads\free-system-utilities-DE.exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (1).exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (3).exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter31121.exe
C:\Users\Tobias\Downloads\iMeshV11.exe
C:\Users\Tobias\Downloads\IminentSetup{0.26buILVP}.exe
C:\Users\Tobias\Downloads\PDFCreator-1_6_2_2_setup.exe
C:\Users\Tobias\Downloads\powersuite.exe
C:\Users\Tobias\Downloads\rcpsetup_addon2vb.exe
C:\Users\Tobias\Downloads\setup (1).exe
C:\Users\Tobias\Downloads\setup (2).exe
C:\Users\Tobias\Downloads\setup (3).exe
C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe
C:\Users\Tobias\Downloads\ShareazaV8de.exe
C:\Users\Tobias\Downloads\Singles-Flirt-Up-Your-Life.exe
C:\Users\Tobias\Downloads\SinglesSetup-dm.exe
C:\Users\Tobias\Downloads\slow-pcfighter_Web.exe
C:\Users\Tobias\Downloads\Typing of the Dead - CHIP-Installer.exe
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011 (1).rar
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011.rar
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011 (1).rar
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011.rar
C:\Users\Tobias\Downloads\Unlocker1.9.1-x64.exe
C:\Users\Tobias\Downloads\Unlocker1.9.1.exe
C:\Users\Tobias\Downloads\VideoConverterSetup (1).exe
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Windows Repair Tool laufen lassen: Windows reparieren - so geht's - Anleitungen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.04.2015, 15:31
| #15 |
| | conhost.exe-Prozess unterbricht ausgewähltes FensterCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Tobias at 2015-04-22 16:23:10 Run:1
Running from C:\Users\Tobias\Desktop
Loaded Profiles: Tobias (Available profiles: Tobias)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\bberg\Susanne B\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLQF4H6N\bildungswerk-haeuser[1].htm
C:\Program Files (x86)\PDFCreator\message.exe
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\extensions\staged\hlc-5oioe@wqbpwpyiui.net\content\bg.js.vir
C:\Users\Tobias\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
C:\Users\Tobias\Desktop\Sonstige\FreeYouTubeDownload-3.0.16.exe
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup (1).exe
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup.exe
C:\Users\Tobias\Downloads\Battlefield-3-Demo-Setup.exe
C:\Users\Tobias\Downloads\cbsidlm-cbsi176-Speedy_Eggbert-ORG-10560307.exe
C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Speedy_Eggbert-SEO-10560307.exe
C:\Users\Tobias\Downloads\cnet2_teamarenademo_exe.exe
C:\Users\Tobias\Downloads\cod2demo.exe
C:\Users\Tobias\Downloads\CPU Z - CHIP-Downloader.exe
C:\Users\Tobias\Downloads\debutsetup.exe
C:\Users\Tobias\Downloads\dffsetup-openal32.exe
C:\Users\Tobias\Downloads\Driver--San-Francisco-Demo-Setup.exe
C:\Users\Tobias\Downloads\free-system-utilities-DE.exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (1).exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (3).exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter31121.exe
C:\Users\Tobias\Downloads\iMeshV11.exe
C:\Users\Tobias\Downloads\IminentSetup{0.26buILVP}.exe
C:\Users\Tobias\Downloads\PDFCreator-1_6_2_2_setup.exe
C:\Users\Tobias\Downloads\powersuite.exe
C:\Users\Tobias\Downloads\rcpsetup_addon2vb.exe
C:\Users\Tobias\Downloads\setup (1).exe
C:\Users\Tobias\Downloads\setup (2).exe
C:\Users\Tobias\Downloads\setup (3).exe
C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe
C:\Users\Tobias\Downloads\ShareazaV8de.exe
C:\Users\Tobias\Downloads\Singles-Flirt-Up-Your-Life.exe
C:\Users\Tobias\Downloads\SinglesSetup-dm.exe
C:\Users\Tobias\Downloads\slow-pcfighter_Web.exe
C:\Users\Tobias\Downloads\Typing of the Dead - CHIP-Installer.exe
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011 (1).rar
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011.rar
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011 (1).rar
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011.rar
C:\Users\Tobias\Downloads\Unlocker1.9.1-x64.exe
C:\Users\Tobias\Downloads\Unlocker1.9.1.exe
C:\Users\Tobias\Downloads\VideoConverterSetup (1).exe
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll
Emptytemp:
*****************
C:\bberg\Susanne B\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLQF4H6N\bildungswerk-haeuser[1].htm => Moved successfully.
C:\Program Files (x86)\PDFCreator\message.exe => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eilnchcpoologanbfpgdpaalmcknbepj\2.1\OH_37oM9.js.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\5kqzl4du.default\extensions\staged\hlc-5oioe@wqbpwpyiui.net\content\bg.js.vir => Moved successfully.
C:\Users\Tobias\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi => Moved successfully.
C:\Users\Tobias\Desktop\Sonstige\FreeYouTubeDownload-3.0.16.exe => Moved successfully.
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup (1).exe => Moved successfully.
C:\Users\Tobias\Downloads\Assassins-Creed-Revelations-Demo-Setup.exe => Moved successfully.
C:\Users\Tobias\Downloads\Battlefield-3-Demo-Setup.exe => Moved successfully.
C:\Users\Tobias\Downloads\cbsidlm-cbsi176-Speedy_Eggbert-ORG-10560307.exe => Moved successfully.
C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Speedy_Eggbert-SEO-10560307.exe => Moved successfully.
C:\Users\Tobias\Downloads\cnet2_teamarenademo_exe.exe => Moved successfully.
C:\Users\Tobias\Downloads\cod2demo.exe => Moved successfully.
C:\Users\Tobias\Downloads\CPU Z - CHIP-Downloader.exe => Moved successfully.
C:\Users\Tobias\Downloads\debutsetup.exe => Moved successfully.
C:\Users\Tobias\Downloads\dffsetup-openal32.exe => Moved successfully.
C:\Users\Tobias\Downloads\Driver--San-Francisco-Demo-Setup.exe => Moved successfully.
C:\Users\Tobias\Downloads\free-system-utilities-DE.exe => Moved successfully.
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (1).exe => Moved successfully.
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter (3).exe => Moved successfully.
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Users\Tobias\Downloads\FreeYouTubeToMP3Converter31121.exe => Moved successfully.
C:\Users\Tobias\Downloads\iMeshV11.exe => Moved successfully.
C:\Users\Tobias\Downloads\IminentSetup{0.26buILVP}.exe => Moved successfully.
C:\Users\Tobias\Downloads\PDFCreator-1_6_2_2_setup.exe => Moved successfully.
C:\Users\Tobias\Downloads\powersuite.exe => Moved successfully.
C:\Users\Tobias\Downloads\rcpsetup_addon2vb.exe => Moved successfully.
C:\Users\Tobias\Downloads\setup (1).exe => Moved successfully.
C:\Users\Tobias\Downloads\setup (2).exe => Moved successfully.
C:\Users\Tobias\Downloads\setup (3).exe => Moved successfully.
C:\Users\Tobias\Downloads\Setup_WinThruster_2015.exe => Moved successfully.
C:\Users\Tobias\Downloads\ShareazaV8de.exe => Moved successfully.
C:\Users\Tobias\Downloads\Singles-Flirt-Up-Your-Life.exe => Moved successfully.
C:\Users\Tobias\Downloads\SinglesSetup-dm.exe => Moved successfully.
C:\Users\Tobias\Downloads\slow-pcfighter_Web.exe => Moved successfully.
C:\Users\Tobias\Downloads\Typing of the Dead - CHIP-Installer.exe => Moved successfully.
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011 (1).rar => Moved successfully.
C:\Users\Tobias\Downloads\Uniblue Power Suite 2011.rar => Moved successfully.
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011 (1).rar => Moved successfully.
C:\Users\Tobias\Downloads\Uniblue PowerSuite 2011.rar => Moved successfully.
C:\Users\Tobias\Downloads\Unlocker1.9.1-x64.exe => Moved successfully.
C:\Users\Tobias\Downloads\Unlocker1.9.1.exe => Moved successfully.
C:\Users\Tobias\Downloads\VideoConverterSetup (1).exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVD0.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVD0.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\DVDvideoSoft_2.0\tbDVD0.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\ldrtbWinl.dll => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Winload\tbWinl.dll => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 16:24:06 ====
|
|
| Themen zu conhost.exe-Prozess unterbricht ausgewähltes Fenster |
| aktive, aktiviert, beenden, beschreibung, conhost.exe, dateien, entweder, extrem, fenster, freue, geschieht, hintergrund, klicke, klicken, problem, prozesse, sekunden, sobald, spiele, tagen, tan, task-manager, unterbricht, verschwindet, videos, würde |
WARNUNG an die MITLESER: 
Linear-Darstellung
